Surge Knowledge Base
English
English
  • Surge Knowledge Base
  • Guidelines
    • Smart Group
    • Surge Ponte Guide
    • Surge tvOS
    • Gateway Mode Performance Troubleshooting
    • Detached Profile
  • Technotes
    • TCP Fast Open
    • HTTP Protocol Version
    • Local and Proxy DNS Resolution
    • Testing Strategy for Automatic Policy Groups
    • Differences between REJECT Policies
    • User Agent Rules
    • NAT Types
  • FAQ
    • Surge FAQs
    • Surge iOS TestFlight
    • Surge Mac Reset
  • License
    • Surge Pre-sales FAQs
    • Surge iOS Licensing FAQs
    • Surge iOS Feature Update Subscription
    • Surge Mac Licensing FAQs
  • Release Notes
    • Surge Mac 5.0
    • Surge Mac Release Notes
    • Surge iOS Release Notes
    • Surge Mac Legacy Versions
Powered by GitBook
On this page
  1. Technotes

User Agent Rules

PreviousDifferences between REJECT PoliciesNextNAT Types

Last updated 2 years ago

Surge's rule system provides rules based on User-Agent for identification. Please note the following when using this rule:

  1. This rule only applies to HTTP/HTTPS requests. If the HTTP header is extracted from a raw TCP request, the rule will not work, and the force-http-engine parameter needs to be configured. See for details.

  2. For HTTPS requests, there are User-Agents for CONNECT requests sent to the HTTP proxy and the actual HTTP requests. The contents of the two may be the same or different. The former is usually generated by the system and cannot be adjusted by the app. When MITM is not enabled, matching only applies to the former. When MITM is enabled, it only applies to the latter.

  3. In iOS 15 and later, the system no longer provides User-Agent in CONNECT requests for privacy protection. This means that for all HTTPS requests, when MITM is not enabled, User-Agent is invisible, and the rule does not work.

Official Guidance:Understanding Surge