If the web front end/services have specific logins (as they should), then your best bet is to disable the logins
during maintenance. Or if you are using roles, you could kick them out of the roles during maintenance and add
them back in when you are done.
What is your security model like?
What is the requirement for the web front end/services? Do they need to know that maintenance is taking place
and be able to display a meaningful message?