Surge's rule system provides rules based on User-Agent for identification. Please note the following when using this rule:

1. This rule only applies to HTTP/HTTPS requests. If the HTTP header is extracted from a raw TCP request, the rule will not work, and the force-http-engine parameter needs to be configured. See Official Guidance：Understanding Surge for details.

2. For HTTPS requests, there are User-Agents for CONNECT requests sent to the HTTP proxy and the actual HTTP requests. The contents of the two may be the same or different. The former is usually generated by the system and cannot be adjusted by the app. When MITM is not enabled, matching only applies to the former. When MITM is enabled, it only applies to the latter.

3. In iOS 15 and later, the system no longer provides User-Agent in CONNECT requests for privacy protection. This means that for all HTTPS requests, when MITM is not enabled, User-Agent is invisible, and the rule does not work.