If you're running your app engine project on a custom domain (like this blog), you're probably not so happy that people can still access your app at http://appid.appspot.com.
When I started working on my blog, I realised this might be an issue, and did some investigating into how I could stop it. I found solution on SackOverflow that seemed to do what I needed, so I set it up and got it working.
Not long after implementing this code, I found a few problems:
SSL is not supported on custom domains
Cron jobs fail when Google invokes them with an appspot.com address and you serve a 301
So with some tweaks, I've managed to get this working as required. The only annoyance is the hard-coded '/admin' check. This is to support cron jobs, task queues etc., which are all protected ("login: admin" in app.yaml). They must work with an appspot.com address, because Google doesn't seem to follow the redirect when invoking them. It's possible you could do an IP address check here, but I'm not sure how consistent cron/task queue IP addresses are.
The code is called like this:
And dantup.py looks like this:
Hopefully you may find this useful. If you encounter any problems with it, please let me know!