Hi,
Try this below
1) Enable WAF to your we App services, you can protect as per OWASP rules and can block certain IPs, URLs, locations - https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview
2) Keep App services under Vnet -- https://learn.microsoft.com/en-us/azure/app-service/environment/network-info