Accept request only from specific source IP address
I'm raising this again as the original from someone else was declined, possibly due to lack of clarity on purpose.
On an app gateway that has multiple listeners, there might be a need for listener A to be accessible from IP x and listener B to be accessible from IP y.
Using an NSG, only the whole of the App Gateway can have rules associated with it. I can't have listener A accept from one IP and listener B from another as listeners do not have a distinct identity that can be referenced in an NSG.
The only way around this would be multiple App Gateways in multiple subnets for each combination of source IP addresses.