Policy based on user-agent string does not match on all requests