A large proportion of bot activity occurs by faking useragent and across multiple IPs/ranges, however this usually occurs on IPs belonging to certain hosts and therefore it'd be extremely useful and time saving if we could set up the bot rules using Domain = condition.
User Case 1.
Every so often Amazon AWS adds new additional IPs which are used for bot activity and therefore we have to consistently monitor and quite often miss until significantly hit. Being able to block by domain should alleviate scenarios such as this ie. when new IP ranges by known/suspected host added.
User Case 2.
Been hit by IPs/Ranges belonging to host(s) in Germany/Norway having exported list of IPs via DW there are 427 rows and whilst we could probably assume some as IP ranges we couldn't do so with any certainty for most. Being able to block by domain would reduce time and complexity in setting up the rules.