diff --git a/src/nginxconfig.ejs b/src/nginxconfig.ejs
index 0dd7e7b07..e5b6e3b49 100644
--- a/src/nginxconfig.ejs
+++ b/src/nginxconfig.ejs
@@ -275,6 +275,9 @@ server {
         if ($http_user_agent ~* "docker") {
             return 401;
         }
+        if ($http_user_agent ~* "container") {
+            return 401;
+        }
         return 302 /login?redirect=$request_uri;
     }
 
diff --git a/src/proxyauth.js b/src/proxyauth.js
index 12046603a..f7bea4a25 100644
--- a/src/proxyauth.js
+++ b/src/proxyauth.js
@@ -108,7 +108,7 @@ function isBrowser(req) {
     if (!userAgent) return false;
 
     // https://github.com/docker/engine/blob/master/dockerversion/useragent.go#L18
-    return !userAgent.toLowerCase().includes('docker');
+    return !userAgent.toLowerCase().includes('docker') && !userAgent.toLowerCase().includes('container');
 }
 
 // called by nginx to authorize any protected route. this route must return only 2xx or 401/403 (http://nginx.org/en/docs/http/ngx_http_auth_request_module.html)