Hi,
To access your web app/function you would need TCP ports 80 and 443, or just 443 if you use HTTPS only. Depending on your configuration and requirements, you may need to have a rule that blocks all inbound traffic from the VNet associated with the private endpoint and then a higher priority (lower number) rule to allow port 80/443 traffic only from the required IP range.
Please click Accept Answer and upvote if the above was helpful.
Thanks.
-TP
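
Added example, not part of the answer above: a small Python model of priority-ordered, first-match rule evaluation, showing why the allow rule must carry the lower number than the VNet deny rule. The prefixes, rule names and priorities are constructed assumptions, and the model collapses the platform's default rules into a single final deny.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # lower number = higher priority, evaluated first
    source: str        # source CIDR prefix
    ports: frozenset   # destination TCP ports; empty set means any port
    access: str        # "Allow" or "Deny"

# Constructed sample values (assumptions, not taken from the post):
VNET_PREFIX = "10.0.0.0/16"     # VNet associated with the private endpoint
ALLOWED_PREFIX = "10.0.5.0/24"  # the "required IP range" inside that VNet

ALLOW = Rule("allow-web-from-range", 100, ALLOWED_PREFIX, frozenset({80, 443}), "Allow")
DENY = Rule("deny-vnet-inbound", 200, VNET_PREFIX, frozenset(), "Deny")

RULES = [DENY, ALLOW]  # list order is irrelevant; priority decides

# Failure mode: same rules with the priorities swapped, so the deny wins.
MISORDERED = [replace(DENY, priority=100), replace(ALLOW, priority=200)]

def evaluate(rules, src_ip, dst_port):
    """Return (access, rule_name) for the first rule that matches, by priority."""
    addr = ipaddress.ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r.priority):
        in_source = addr in ipaddress.ip_network(rule.source)
        port_ok = not rule.ports or dst_port in rule.ports
        if in_source and port_ok:
            return rule.access, rule.name
    # Simplification: anything no custom rule matches is treated as denied.
    return "Deny", "no-custom-rule-matched"

if __name__ == "__main__":
    for label, rules in (("correct", RULES), ("misordered", MISORDERED)):
        for ip, port in (("10.0.5.10", 443), ("10.0.5.10", 22), ("10.0.9.9", 443)):
            print(label, ip, port, evaluate(rules, ip, port))
```
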