Let's restrict the App Service so that it can be reached only through the Application Gateway. This assumes a custom domain with SSL has already been added.
Choose Networking and configure outbound traffic with VNet integration. See Application Gateway Web Application Firewall Configuration if needed.
Choose the appropriate subnet for outbound traffic.
Outbound traffic with VNet integration is now enabled.
Now set the Unmatched rule action to Deny.
Add a rule that allows only the Application Gateway subnet.
Choose Continue.
Traffic to the main site that matches no rule will be denied.
Access restrictions are now in place, so inbound and outbound traffic passes only through the Application Gateway.
The App Service is now accessible only through the Application Gateway and not directly (Error 403 – Forbidden).
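To confirm the result of the steps above without clicking through the portal, the following added example (not part of the original post) audits an App Service site configuration for exactly this state: unmatched rule action Deny and a single Allow rule for the Application Gateway subnet. The field names are the ARM siteConfig properties; the subnet ID, rule names and both sample configurations are constructed placeholders, and the function name is hypothetical.

```python
# Added example: audit an App Service siteConfig for the lockdown described above.
# The subnet ID and both sample configs are constructed placeholders.
APPGW_SUBNET = (
    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
    "/providers/Microsoft.Network/virtualNetworks/vnet-example/subnets/appgw-subnet"
)

def audit_access_restrictions(site_config, appgw_subnet_id):
    """Return a list of findings; an empty list means only the gateway subnet is allowed."""
    findings = []
    default = site_config.get("ipSecurityRestrictionsDefaultAction")
    if (default or "").lower() != "deny":
        findings.append(f"unmatched rule action is {default!r}, expected 'Deny'")
    gateway_allowed = False
    for rule in site_config.get("ipSecurityRestrictions") or []:
        if (rule.get("action") or "").lower() != "allow":
            continue  # Deny rules cannot widen access
        subnet = rule.get("vnetSubnetResourceId") or ""
        if subnet.lower() == appgw_subnet_id.lower():  # ARM IDs are case-insensitive
            gateway_allowed = True
        else:
            source = subnet or rule.get("ipAddress") or "unknown source"
            findings.append(f"rule {rule.get('name')!r} allows {source}, not the gateway subnet")
    if not gateway_allowed:
        findings.append("no Allow rule for the Application Gateway subnet")
    return findings

# Constructed sample: the state the steps above should produce.
LOCKED_DOWN = {
    "ipSecurityRestrictionsDefaultAction": "Deny",
    "ipSecurityRestrictions": [
        {"name": "allow-appgw", "action": "Allow", "priority": 100,
         "vnetSubnetResourceId": APPGW_SUBNET},
    ],
}
# Constructed sample: an app with no restrictions configured.
WIDE_OPEN = {
    "ipSecurityRestrictionsDefaultAction": "Allow",
    "ipSecurityRestrictions": [
        {"name": "Allow all", "action": "Allow", "priority": 2147483647, "ipAddress": "Any"},
    ],
}

if __name__ == "__main__":
    for label, cfg in (("locked down", LOCKED_DOWN), ("wide open", WIDE_OPEN)):
        print(label, "->", audit_access_restrictions(cfg, APPGW_SUBNET) or "OK")
```

The same check applies to scmIpSecurityRestrictions if the Kudu/SCM site should be locked down as well.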