diff --git a/ChangeLog b/ChangeLog index 98a60b73..089d4381 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,13 @@ +fwknop-2.6.11 (04//2019): + - [server] Add ALLOW_ANY_USER_AGENT for ENABLE_SPA_OVER_HTTP mode so that + fwknopd will accept any User-Agent string coming from the client. By + default this is disabled, so only SPA packets with a User-Agent string + that begins with 'Fwknop' will be accepted. Just set this variable to + 'Y' to override this. Then, on the fwknop client command line, use the + --user-agent option to specify any desired User-Agent string. This + feature was added to close issue #296 reported by github user + @fishcreek. + fwknop-2.6.10 (08/06/2018): - [server] Add MAX_FW_TIMEOUT to access.conf stanzas to allow a maximum number of seconds for client-specified timeouts in SPA packets. This diff --git a/Makefile.am b/Makefile.am index 160142fa..b5692783 100644 --- a/Makefile.am +++ b/Makefile.am @@ -352,8 +352,10 @@ EXTRA_DIST = \ test/conf/udp_server_fwknopd.conf \ test/conf/spa_over_http_fwknopd.conf \ test/conf/spa_over_http.pcap \ + test/conf/spa_allow_any_user_agent.pcap \ test/conf/spa_x_forwarded_for.pcap \ test/conf/spa_x_forwarded_for_fwknopd.conf \ + test/conf/spa_allow_any_user_agent_fwknopd.conf \ test/conf/ipt_snat_fwknopd.conf \ test/conf/firewd_snat_fwknopd.conf \ test/conf/ipt_snat_no_translate_ip_fwknopd.conf \ diff --git a/doc/fwknopd.man.asciidoc b/doc/fwknopd.man.asciidoc index 24669bff..c906f1af 100644 --- a/doc/fwknopd.man.asciidoc +++ b/doc/fwknopd.man.asciidoc 
@@ -390,6 +390,13 @@ the '@sysconfdir@/fwknop/fwknopd.conf' file for additional details. over TCP/80 connections and a web server should be running on the same server as *fwknopd*. +*ALLOW_ANY_USER_AGENT* '':: + When *fwknopd* is configured to acquire SPA data from HTTP requests (i.e. + when ``ENABLE_SPA_OVER_HTTP'' is set to ``Y''), control whether to require + the User-Agent from the client to start with the string 'Fwknop'. The + default is ``N'' to require this, but if set to ``Y'', then *fwknopd* will + allow any User-Agent string to be set on incoming SPA packets. + *ENABLE_X_FORWARDED_FOR* '':: Allows *fwknopd* to use the X-Forwarded-for header from a captured SPA packet over HTTP as the source IP. This can happen when using SPA through @@ -398,7 +405,7 @@ the '@sysconfdir@/fwknop/fwknopd.conf' file for additional details. *ENABLE_TCP_SERVER* '':: Enable the fwknopd TCP server. This is a "dummy" TCP server that will accept TCP connection requests on the specified TCPSERV_PORT. - If set to "Y", fwknopd will fork off a child process to listen for, and + If set to ``Y'', fwknopd will fork off a child process to listen for, and accept incoming TCP request. This server only accepts the request. It does not otherwise communicate. This is only to allow the incoming SPA over TCP packet which is detected via PCAP. The connection 
@@ -443,8 +450,8 @@ the '@sysconfdir@/fwknop/fwknopd.conf' file for additional details. sniffing interface. In the later case, this can be useful to have fwknopd sniff SPA packets that are forwarded through a system and destined for a different network. If the sniffing interface is the egress interface for - such packets, then this variable will need to be set to "Y" in order for - fwknopd to see them. The default is "N" so that fwknopd only looks for SPA + such packets, then this variable will need to be set to ``Y'' in order for + fwknopd to see them. The default is ``N'' so that fwknopd only looks for SPA packets that are received on the sniffing interface (note that this is independent of promiscuous mode). diff --git a/server/cmd_opts.h b/server/cmd_opts.h index a2feed5d..114400b3 100644 --- a/server/cmd_opts.h +++ b/server/cmd_opts.h @@ -56,6 +56,7 @@ static char *config_map[NUMBER_OF_CONFIG_ENTRIES] = { "CMD_EXEC_TIMEOUT", //"BLACKLIST", "ENABLE_SPA_OVER_HTTP", + "ALLOW_ANY_USER_AGENT", "ENABLE_TCP_SERVER", "TCPSERV_PORT", "ENABLE_UDP_SERVER", diff --git a/server/config_init.c b/server/config_init.c index 8cc1828a..47fd706e 100644 --- a/server/config_init.c +++ b/server/config_init.c @@ -911,6 +911,16 @@ validate_options(fko_srv_options_t *opts) set_config_entry(opts, CONF_ENABLE_SPA_OVER_HTTP, DEF_ENABLE_SPA_OVER_HTTP); + /* When CONF_ENABLE_SPA_OVER_HTTP is enabled, control whether to require the + * User-Agent string to begin with 'Fwknop'. The default is 'N', but setting + * this to 'Y' in the fwknopd.conf file allows any User-Agent to be used. + * Then, from the client, a custom User-Agent can be set with the + * '--user-agent' command line option. + */ + if(opts->config[CONF_ALLOW_ANY_USER_AGENT] == NULL) + set_config_entry(opts, CONF_ALLOW_ANY_USER_AGENT, + DEF_ALLOW_ANY_USER_AGENT); + /* Enable TCP server. */ if(opts->config[CONF_ENABLE_TCP_SERVER] == NULL) diff --git a/server/fwknopd_common.h b/server/fwknopd_common.h index 29959952..837aef8a 100644 
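Review bot: The new "ALLOW_ANY_USER_AGENT" string in config_map (server/cmd_opts.h) appears to be matched purely by position to the new CONF_ALLOW_ANY_USER_AGENT member of the enum in server/fwknopd_common.h — the array is sized NUMBER_OF_CONFIG_ENTRIES and both insertions sit directly after the ENABLE_SPA_OVER_HTTP entry — yet neither site records that the two orders must stay in lockstep. A one-line comment above the array, `/* Order must match the CONF_* enum in fwknopd_common.h. */`, with its mirror above the enum, would make a future insertion into only one of them an obvious mistake rather than a silently shifted lookup. Both hunks are complete, but the array and enum definitions extend beyond them.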
--- a/server/fwknopd_common.h +++ b/server/fwknopd_common.h @@ -108,6 +108,7 @@ #define DEF_SUDO_EXE "/usr/bin/sudo" #endif #define DEF_ENABLE_SPA_OVER_HTTP "N" +#define DEF_ALLOW_ANY_USER_AGENT "N" #define DEF_ENABLE_TCP_SERVER "N" #define DEF_TCPSERV_PORT "62201" #if USE_LIBPCAP @@ -257,6 +258,7 @@ enum { CONF_CMD_EXEC_TIMEOUT, //CONF_BLACKLIST, CONF_ENABLE_SPA_OVER_HTTP, + CONF_ALLOW_ANY_USER_AGENT, CONF_ENABLE_TCP_SERVER, CONF_TCPSERV_PORT, CONF_ENABLE_UDP_SERVER, diff --git a/server/incoming_spa.c b/server/incoming_spa.c index 968162c9..ccbf2a4f 100644 --- a/server/incoming_spa.c +++ b/server/incoming_spa.c @@ -96,14 +96,21 @@ preprocess_spa_data(const fko_srv_options_t *opts, spa_pkt_info_t *spa_pkt, spa_ * assume it is a SPA over HTTP request. */ if(strncasecmp(opts->config[CONF_ENABLE_SPA_OVER_HTTP], "Y", 1) == 0 - && strncasecmp(ndx, "GET /", 5) == 0 - && strstr(ndx, "User-Agent: Fwknop") != NULL) + && strncasecmp(ndx, "GET /", 5) == 0) { /* This looks like an HTTP request, so let's see if we are * configured to accept such request and if so, find the SPA * data. */ + /* First see if we require the User-Agent to start with 'Fwknop' + */ + if(strncasecmp(opts->config[CONF_ALLOW_ANY_USER_AGENT], "N", 1) == 0 + && strstr(ndx, "User-Agent: Fwknop") == NULL) + { + return(SPA_MSG_BAD_DATA); + } + /* Process X-Forwarded-For header */ xff = strcasestr(ndx, "X-Forwarded-For: "); diff --git a/test/conf/spa_allow_any_user_agent.pcap b/test/conf/spa_allow_any_user_agent.pcap new file mode 100644 index 00000000..d98147a0 Binary files /dev/null and b/test/conf/spa_allow_any_user_agent.pcap differ diff --git a/test/conf/spa_allow_any_user_agent_fwknopd.conf b/test/conf/spa_allow_any_user_agent_fwknopd.conf new file mode 100644 index 00000000..f1a87020 --- /dev/null +++ b/test/conf/spa_allow_any_user_agent_fwknopd.conf @@ -0,0 +1,2 @@ +ENABLE_SPA_OVER_HTTP Y; +ALLOW_ANY_USER_AGENT Y; diff --git a/test/test-fwknop.pl b/test/test-fwknop.pl index a4451e22..6b144d7d 100755 
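Review bot: The new User-Agent gate in preprocess_spa_data fails open: the 'Fwknop' prefix is enforced only when ALLOW_ANY_USER_AGENT begins with N, so a mistyped or unexpected value (say `0` or `false`) silently accepts any User-Agent, whereas the ENABLE_SPA_OVER_HTTP test two lines above enables its feature only on an explicit Y. Inverting the comparison keeps the documented default and makes invalid values restrictive: `if(strncasecmp(opts->config[CONF_ALLOW_ANY_USER_AGENT], "Y", 1) != 0 && strstr(ndx, "User-Agent: Fwknop") == NULL)`. As with the condition it replaces, the strstr scans the whole captured payload rather than the header block, which is pre-existing behavior but worth a short comment now that the check is an operator-facing control. The enclosing function continues outside the hunk.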
--- a/test/test-fwknop.pl +++ b/test/test-fwknop.pl @@ -45,6 +45,7 @@ our $multi_pkts_pcap_file = "$conf_dir/multi_pkts.pcap"; our $fcs_pcap_file = "$conf_dir/fcs_spa.pcap"; our $spa_over_http_pcap_file = "$conf_dir/spa_over_http.pcap"; our $spa_x_forwarded_for_pcap_file = "$conf_dir/spa_x_forwarded_for.pcap"; +our $spa_allow_any_user_agent_pcap_file = "$conf_dir/spa_allow_any_user_agent.pcap"; our $lib_dir = '../lib/.libs'; @@ -637,6 +638,7 @@ our %cf = ( 'udp_server' => "$conf_dir/udp_server_fwknopd.conf", 'spa_over_http' => "$conf_dir/spa_over_http_fwknopd.conf", 'spa_x_forwarded_for' => "$conf_dir/spa_x_forwarded_for_fwknopd.conf", + 'spa_allow_any_user_agent' => "$conf_dir/spa_allow_any_user_agent_fwknopd.conf", 'tcp_pcap_filter' => "$conf_dir/tcp_pcap_filter_fwknopd.conf", 'icmp_pcap_filter' => "$conf_dir/icmp_pcap_filter_fwknopd.conf", 'open_ports_access' => "$conf_dir/open_ports_access.conf", diff --git a/test/tests/rijndael_hmac.pl b/test/tests/rijndael_hmac.pl index 0a92db4e..a637c47a 100644 --- a/test/tests/rijndael_hmac.pl +++ b/test/tests/rijndael_hmac.pl @@ -611,6 +611,19 @@ "--verbose --verbose --verbose", 'server_positive_output_matches' => [qr/Added access rule.*\sfor 1.2.3.4/], }, + { + 'category' => 'Rijndael+HMAC', + 'subcategory' => 'server', + 'detail' => '--pcap-file any User-Agent', + 'function' => \&process_pcap_file_directly, + 'cmdline' => '', + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'spa_allow_any_user_agent'} -a $cf{'hmac_access'} " . + "-d $default_digest_file -p $default_pid_file " . + "--pcap-file $spa_allow_any_user_agent_pcap_file --foreground $verbose_str " . + "--pcap-filter 'port 80' " . + "--verbose --verbose --verbose", + 'server_positive_output_matches' => [qr/Added access rule.*\sfor 1.2.3.4/], + }, { 'category' => 'Rijndael+HMAC',
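Review bot: The test wiring visible here — the new pcap path and the `spa_allow_any_user_agent` %cf entry — exercises only the permissive setting: the fixture sets ALLOW_ANY_USER_AGENT Y and the stanza expects an access rule to be added. The security-relevant half of the feature is the default, so a second stanza replaying the same pcap (presumably carrying a non-Fwknop User-Agent) against a conf with ENABLE_SPA_OVER_HTTP Y and ALLOW_ANY_USER_AGENT unset or N should assert that no access rule is added, which would catch a regression that drops the 'Fwknop' prefix requirement. The rijndael_hmac.pl hunk is cut off at the end of this chunk, so such a stanza may already exist further down.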