If the web front end/services have specific logins (as they should), then your best bet is to disable the logins

during maintenance. Or if you are using roles, you could kick them out of the roles during maintenance and add

them back in when you are done.

What is your security model like?

What is the requirement for the web front end/services? Do they need to know that maintenance is taking place

and be able to display a meaningful message?