*** http.c.orig	Tue Mar 27 08:08:00 2007
--- http.c	Fri Jun  1 21:19:00 2007
***************
*** 1194,1199 ****
--- 1194,1233 ----
  	    if (!flags.front_end_https)
  		httpHeaderAddEntry(hdr_out, httpHeaderEntryClone(e));
  	    break;
+ 
+ 	case HDR_USER_AGENT:
+ //	      debug(1,1) ("USER_AGENT0:%s\n",strBuf(e->value));
+ 	      if (1 == httpHdrMangle(e,orig_request)) {
+ //		debug(1,1) ("USER_AGENT1:%s\n",strBuf(e->value));
+ 		httpHeaderAddEntry(hdr_out, httpHeaderEntryClone(e));
+ 	      }
+ 	  break;
+ 
+ 	case HDR_REFERER:
+ 	    {
+ 	      char *h,*r;
+ 	      int hl,rval; 
+ 	      h = orig_request->host;
+ 	      r = strBuf(e->value);
+ 	      hl = strlen(orig_request->host);
+ //	      debug(1,1) ("REFERER0:%s:%s\n",orig_request->host,strBuf(e->value));
+ 	      if (0 != (rval=httpHdrMangle(e,orig_request))) {
+ //		debug(1,1) ("REFERER2:%s:%s\n",orig_request->host,strBuf(e->value));
+ 		  httpHeaderAddEntry(hdr_out, httpHeaderEntryClone(e));
+ 	      }
+ 	      else
+ 	      if ( strncmp("http://",r,7 /*strlen("http://")*/) == 0 ) {
+ 		r += 7; 
+ 		if( (strncmp( h,r,hl ) == 0) 
+ 		   && ( *(r + hl) == '/' || *(r +  hl) == '\0' ) ) {
+ 		       httpHeaderAddEntry(hdr_out, httpHeaderEntryClone(e));
+ //		      debug(1,1) ("REFERER1:%s:%s\n",orig_request->host,strBuf(e->value));
+ 		}
+ 	      }
+ //      		debug(1,1) ("REFERER2:rval:%d\n",rval);
+ 	    }
+             break;
+ 
  	default:
  	    /* pass on all other header fields */
  	    httpHeaderAddEntry(hdr_out, httpHeaderEntryClone(e));
*** HttpHeaderTools.c.orig	Thu Jul 27 05:09:33 2006
--- HttpHeaderTools.c	Fri Jun  1 21:19:00 2007
***************
*** 430,436 ****
   * httpHdrMangle checks the anonymizer (header_access) configuration.
   * Returns 1 if the header is allowed.
   */
! static int
  httpHdrMangle(HttpHeaderEntry * e, request_t * request)
  {
      int retval = 1;
--- 430,436 ----
   * httpHdrMangle checks the anonymizer (header_access) configuration.
   * Returns 1 if the header is allowed.
   */
! int
  httpHdrMangle(HttpHeaderEntry * e, request_t * request)
  {
      int retval = 1;
***************
*** 478,484 ****
      HttpHeaderPos p = HttpHeaderInitPos;
      int removed_headers = 0;
      while ((e = httpHeaderGetEntry(l, &p))) {
! 	if (0 == httpHdrMangle(e, request)) {
  	    httpHeaderDelAt(l, p);
  	    removed_headers++;
  	}
--- 478,486 ----
      HttpHeaderPos p = HttpHeaderInitPos;
      int removed_headers = 0;
      while ((e = httpHeaderGetEntry(l, &p))) {
! 	if ( (0 == httpHdrMangle(e, request)) &&
! 	    ((e->id) != HDR_REFERER) &&
! 	    ((e->id) != HDR_USER_AGENT) ) {
  	    httpHeaderDelAt(l, p);
  	    removed_headers++;
  	}