How to disable tunnel-group DefaultWEBVPNGroup

jewfcb001 (Level 4)

Hi All ,
I am trying to disable tunnel-group DefaultWEBVPNGroup but still have not found a way.
My scenario is:

I have 2 tunnel-groups:
URL : https://x.x.x.x/group-1
URL : https://x.x.x.x/group-2

In case a client connects to https://x.x.x.x without the /name of the group, he will go to tunnel-group DefaultWEBVPNGroup.
I want to find a solution to disable this.

Accepted Solution

The only way is the one I mentioned above: using noaccess under the tunnel-group DefaultWEBVPNGroup.

This group policy has 0 logins, so he can never access.

MHM


18 Replies

Share the config of the ASA; let me check it.

I think you need noaccess here to drop any remote-access user who is not in a specific group:

group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
 vpn-tunnel-protocol IPSec webvpn

MHM

@MHM Cisco World 

Do you want the whole configuration or a specific part of the configuration?

Check the noaccess group; if it does not work, then share the config.

I think it will work fine for your case.

MHM

@MHM Cisco World 
I sent the configuration by private message. Please check.

The noaccess group does not work.

MHM

I tried to configure the commands below, but the client can still connect to the URL x.x.x.x without the /tunnel-group name:

group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
 vpn-tunnel-protocol IPSec webvpn

What I need is that the client cannot connect to the VPN without a tunnel-group name:
URL : https://x.x.x.x/group-1     ----> YES
URL : https://x.x.x.x             ----> NO

Please help me with my concern.

MHM

I don't understand your advice. Please explain it to me in more detail.
Now I am trying to configure:

group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
 vpn-tunnel-protocol ikev1 ssl-client

 


ASA-1(config-tunnel-webvpn)# show run all tunnel-group DefaultWEBVPNGroup
tunnel-group DefaultWEBVPNGroup type remote-access
tunnel-group DefaultWEBVPNGroup general-attributes
no address-pool
no ipv6-address-pool
authentication-server-group LOCAL
secondary-authentication-server-group none
no accounting-server-group
default-group-policy NOACCESS
no dhcp-server
no strip-realm
no nat-assigned-to-public-ip
no scep-enrollment enable
no password-management
no strip-group
no authorization-required
username-from-certificate CN OU
secondary-username-from-certificate CN OU
authentication-attr-from-server primary
authenticated-session-username primary
username-from-certificate-choice second-certificate
secondary-username-from-certificate-choice second-certificate
tunnel-group DefaultWEBVPNGroup webvpn-attributes
customization DfltCustomization
authentication aaa
no override-svc-download
no external-browser enable
no radius-reject-message
no proxy-auth sdi
no pre-fill-username client
no pre-fill-username clientless
no secondary-pre-fill-username client
no secondary-pre-fill-username clientless
no saml-match-username-from-cert
dns-group DefaultDNS
no without-csd
tunnel-group DefaultWEBVPNGroup ipsec-attributes
no ikev1 pre-shared-key
peer-id-validate req
no chain
no ikev1 trust-point
no ikev1 radius-sdi-xauth
isakmp keepalive threshold 300 retry 2
ikev1 user-authentication xauth
no ikev2 remote-authentication
no ikev2 local-authentication
tunnel-group DefaultWEBVPNGroup ppp-attributes
no authentication pap
authentication chap
authentication ms-chap-v1
no authentication ms-chap-v2
no authentication eap-proxy

jewfcb001 (Level 4)

@MHM Cisco World 
I need the client to be unable to connect to the URL https://x.x.x.x with no tunnel-group name. That means no popup, or no way to connect to the VPN at all.
Can I do this?

I am reviewing your config now.
MHM

tunnel-group DefaultWEBVPNGroup type remote-access
tunnel-group DefaultWEBVPNGroup general-attributes
 default-group-policy DfltGrpPolicy
!
tunnel-group telconw type remote-access
tunnel-group telconw general-attributes
 default-group-policy telconw
!
tunnel-group telconw-2 type remote-access
tunnel-group telconw-2 general-attributes
 default-group-policy telconw
!
tunnel-group test type remote-access
tunnel-group test general-attributes
 default-group-policy telconw
Above are the four groups I see.

Now, the issues I see in the config:

1- You use group-list, not group-url.

https://integratingit.wordpress.com/2022/03/23/asa-group-url-and-alias/

2- The first group, DefaultWEBVPNGroup, has no IP pool and no group name, and it uses the default group-policy; here we can add noaccess.

Note: I think if we solve point one, then there is no need to use tunnel-group DefaultWEBVPNGroup at all anymore.

MHM

@MHM Cisco World 
I have a group-url, but I deleted it because it may show the public IP of my lab.
As per your explanation, does it mean we cannot delete or disable DefaultWEBVPNGroup, or not?
Because if the client tries to connect to https://x.x.x.x, it always connects, because it uses DefaultWEBVPNGroup.

It connects because there is a tunnel-group DefaultWEBVPNGroup (I don't see why you use it) which uses group-policy DfltGrpPolicy.

So we need to replace DfltGrpPolicy with noaccess (which has 0 logins).

So he cannot access.

MHM
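The following is an added configuration example pulling together the two points made in this thread (select tunnel-groups by group-url, and point the undeletable DefaultWEBVPNGroup at a group-policy with zero simultaneous logins). It is not configuration from any poster on this thread; the names NOACCESS, GP-group-1, GP-group-2, POOL-1, POOL-2, the 192.0.2.0/24 pool addresses and the interface name "outside" are placeholders, and x.x.x.x stands in for the ASA's public address as in the original posts.

```cisco
! Added example, not from the original thread. All names and addresses are placeholders.
!
! 1) A group-policy that permits zero simultaneous logins. On the ASA a value of 0
!    disables login for that policy, so any session that ends up here is rejected.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
 vpn-tunnel-protocol ikev1 ikev2 ssl-client ssl-clientless
!
! 2) DefaultWEBVPNGroup cannot be removed. Instead, make NOACCESS its default
!    policy so that a client hitting https://x.x.x.x with no /group suffix
!    (which lands in this tunnel-group) is denied at login.
tunnel-group DefaultWEBVPNGroup general-attributes
 default-group-policy NOACCESS
!
! 3) The real groups, each selected by its own group-url. No tunnel-group-list
!    means the portal shows no drop-down of group names.
ip local pool POOL-1 192.0.2.10-192.0.2.50 mask 255.255.255.0
ip local pool POOL-2 192.0.2.60-192.0.2.100 mask 255.255.255.0
!
group-policy GP-group-1 internal
group-policy GP-group-1 attributes
 vpn-simultaneous-logins 3
 vpn-tunnel-protocol ssl-client
group-policy GP-group-2 internal
group-policy GP-group-2 attributes
 vpn-simultaneous-logins 3
 vpn-tunnel-protocol ssl-client
!
tunnel-group group-1 type remote-access
tunnel-group group-1 general-attributes
 address-pool POOL-1
 default-group-policy GP-group-1
tunnel-group group-1 webvpn-attributes
 group-url https://x.x.x.x/group-1 enable
!
tunnel-group group-2 type remote-access
tunnel-group group-2 general-attributes
 address-pool POOL-2
 default-group-policy GP-group-2
tunnel-group group-2 webvpn-attributes
 group-url https://x.x.x.x/group-2 enable
!
webvpn
 enable outside
 anyconnect enable
 no tunnel-group-list enable
!
! Verification after applying:
!   show run all tunnel-group DefaultWEBVPNGroup | include default-group-policy
!   show run group-policy NOACCESS
!   show vpn-sessiondb anyconnect   (a bare https://x.x.x.x login must create no session)
```

Two caveats worth knowing before relying on this. First, the deny is enforced when the session is created, after authentication: a browser opening the bare https://x.x.x.x still receives the portal login page, and an AnyConnect client pointed at the bare address still gets a credential prompt, but the login then fails. Second, the default tunnel-groups (DefaultWEBVPNGroup, DefaultRAGroup, DefaultL2LGroup) can be reconfigured but not deleted, which is why the thread's answer is to neutralise DefaultWEBVPNGroup with a zero-login policy rather than remove it.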