When I place a CDN, or something like Azure Front Door, in front of a webapp, how do I stop traffic from directly hitting the .azurewebsite.net domain name?
I believe the below article discusses in depth on how to setup an Azure Web App and how to use Azure Front Door with it. It highlights how myappfrontend.azurefd.net will be the front end for your app, which will then redirect the request to the backend (.azurewebsites.net) only if the criteria is met. There is a second article that highlights setting up a custom domain to be used with Azure Front Door if necessary. Please review the below information and let us know if you have any more direct questions.
Once this is setup, you can develop reroute rules to direct requests from .azurewebsites.net to your custom domain, which would ensure all requests are handled by Azure Front Door.
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect rule for azurewebsites.net to domain.com" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions>
<add input="{HTTP_HOST}" pattern="whateverappdavid.azurewebsites.net" />
</conditions>
<action type="Redirect" url="http://therealdavids.com/{R:0}" />
</rule>
</rules>
</rewrite>
</system.webServer>