Have you tried to use service endpoint for App Service?
Here is some references that could be helpful:
- https://zcusa.951200.xyz/en-us/azure/app-service/app-service-ip-restrictions
- https://markheath.net/post/securing-backend-appservice-webapps
- https://robertsmit.wordpress.com/2019/05/29/configure-azure-service-endpoints-for-web-applications-azure-ase-endpoints-azureserviceendpoints-webapp-azuredevops/