Thank you for reaching out.
I understand you wish restrict the access of your web-app to Azure Front Door and send all the outbound traffic using Azure Front Door.
I think you can achieve this using Front Door identifier and App Service access restrictions.
Azure generates a unique identifier for each Front Door profile. You can find the identifier in the Azure portal, by looking for the Front Door ID value in the Overview page of your profile.
When Front Door makes a request to your origin, it adds the X-Azure-FDID
request header. Your origin should inspect the header on incoming requests, and reject requests where the value doesn't match your Front Door profile's identifier.
In you web app you can set access restriction in the following manner using AzureFrontDoor.Backend
service tag and X-Azure-FDID
so that the web can be accessed only using your Azure Front Door profile as shown below.
Hope this helps! Please let me know if you have any additional questions. Thank you!
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.