This is possible in the rules using the "DNS.Lookup" property, and then using the domain you are interested in; however, it can cause performance issues if not done right. Does this software run on all devices? Does the software make a request with a special user-agent?
See attached and screenshot below of ruleset that should do the trick (assuming the DNS lookups come back correctly). In your case, add any client IPs or the user-agent into the ruleset criteria, and replace securitysoftware.mwginternal.com within the DNS.Lookup criteria.
Let me know if that helps!
Thank you very much for your answer.
The software runs only on one server and we don't want to whitelist its IP nor the user name.
Unfortunately the requests don't even have a user agent. There is just the connection request to about 90 IPs.
I have one additional criterion:
The dns.lookup attribute should be applied to a list of URLs.
If you have multiple URLs, you'll need to create multiple rules -- one for each domain -- just copy and paste the rule.
If the software only runs on one server, then I think it'd be good to include it in the ruleset criteria, especially if you have multiple domains you want to look up. We should only do these lookups if the request is based on IP, so I added the criteria "URL.HostIsIP" as a ruleset criteria and AND'd it with the Client.IP criteria.
If we do not have good criteria or limit the scope of these rules it will very likely cause performance issues for other users. At a bare minimum we should use the URL.HostIsIP criteria.
The resulting ruleset would look like this:
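
The scoping logic discussed in this thread, modelled in Python as an added example (it is not from the posts and is not Web Gateway rule syntax): the class, the resolver table, the second domain and all addresses are constructed for illustration. It counts DNS lookups to show that gating on URL.HostIsIP and Client.IP keeps other traffic from triggering any.

```python
import ipaddress

# Constructed sample data: domain -> addresses a resolver would return.
FAKE_DNS = {
    "securitysoftware.mwginternal.com": ["203.0.113.10", "203.0.113.11"],
    "updates.example.test": ["198.51.100.7"],  # hypothetical second domain
}
SERVER_IP = "10.0.0.5"  # hypothetical address of the one server running the software


class ScopedDnsRuleSet:
    """Model of a rule set: criteria first, then one DNS-lookup rule per domain."""

    def __init__(self, resolver, client_ip, domains):
        self.resolver = resolver
        self.client_ip = client_ip
        self.domains = list(domains)
        self.lookups = 0  # how many DNS lookups the rules have triggered

    @staticmethod
    def host_is_ip(host):
        # Stand-in for the URL.HostIsIP criterion.
        try:
            ipaddress.ip_address(host)
            return True
        except ValueError:
            return False

    def lookup(self, domain):
        # Stand-in for DNS.Lookup; an empty list models a lookup that fails.
        self.lookups += 1
        return self.resolver.get(domain, [])

    def matches(self, client_ip, host):
        # Rule set criteria: evaluated before any rule, so requests from other
        # clients or to host names never reach the DNS lookups.
        if not (self.host_is_ip(host) and client_ip == self.client_ip):
            return False
        # One rule per domain; evaluation stops at the first domain that matches.
        return any(host in self.lookup(d) for d in self.domains)


if __name__ == "__main__":
    rs = ScopedDnsRuleSet(FAKE_DNS, SERVER_IP, FAKE_DNS)
    for client, host in [("10.0.0.9", "203.0.113.11"), (SERVER_IP, "203.0.113.11")]:
        print(client, host, rs.matches(client, host), "lookups so far:", rs.lookups)
```
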