User-agent directive?

Hi! I love Caddy!

Is there a directive to do things based on the remote user-agent? I need to disable TLS for a certain ancient tool and could not figure out how to do so.

Hey q, thanks!

The User-Agent is a field on the HTTP header, which is not read until after the TLS handshake completes.

However, you’re in luck, I was literally just tweeting about this:

This does not do exactly what you want, but it lays the groundwork for something like that in the future.

Are you able to configure the tool to access another address? My usual go-to is to create an obscure explicit HTTP subdomain (sneaky date | md5 + usually works) and point the ancient technology there.

The client is trying to add, so if I could make Caddy listen on that domain in HTTP and then not redirect to HTTPS if it is not the specific user-agent that should work. At least that was my idea =)

I cannot reconfigure the tool unfortunately, it is used by a couple of tens of users worldwide and there is no update mechanism. Right now it is unable to do anything anymore. Oops!

Ahh, that part’s easy. I got thrown off a bit when you said you wanted to disable TLS, but what you’re after is disabling Caddy’s automatic HTTPS redirection, because that’s what will be stopping clients from accessing HTTP.

There was a discussion not too long ago about disabling HTTP → HTTPS redirection for a specific group of clients:

There’s an example configuration in the linked post, but the gist is that you’ll need a HTTPS vhost as well as an identical HTTP vhost with extra configuration to redirect all clients who are NOT your updater to the HTTPS site.

Yeah, now that I look at it again, I should have asked “how to not redir HTTP to HTTPS for specific user-agent”.
So, I was just overlooking the {>Header} bit in :slight_smile: Excellent!

This seems to work! Thanks! {
    tls off
    redir 301 {
        if {>User-Agent} not_has "Java"
        if {>User-Agent} not_has "The Other Ancient Client"
        / https://{host}{uri}
} {

PS: Maybe link from to the IF conditions part of

Glad to hear it’s working!

We have a link in the redir docs to the rewrite conditions section, but it’s perhaps not incredibly prominent:

Also, you have tls off in your http:// vhost. I believe that’s unnecessary because specifying the protocol has the same effect.


This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.