Hiding .Azurewebsites.net for backend pools in Application Gateway
You could redirect the default Azure domain to your actual domain exclude the health probes URL using URL rewrite. The probes path doesn't need to contains the host name. For example, /healthprobes.
<rewrite>
<rules>
<rule name="RedirectToActualHost" stopProcessing="true">
<match url="(.)*" />
<conditions>
<add input="{HTTP_HOST}" pattern="^your_default_auzre_domain$" />
<add input="{REQUEST_URI}" pattern="^your_probes_path$" negate="true" />
</conditions>
<action type="Redirect" url="http://your_actual_host/{R:0}" />
</rule>
</rules>
</rewrite>
I achieved this by using the IP Restriction (Under Networking) of the App Service and added the IP of the Application Gateway so any other IP address is blocked i.e. will receive a 403. application Gateway health probe will still pass since it's IP has been white-listed