diff --git a/src/sbbs3/websrvr.c b/src/sbbs3/websrvr.c
index 39ab96a9917c326a274f4c22b0d3c7e168663324..9e970a14ed8a8adf8e3a54cf1ed22f49712a81ce 100644
--- a/src/sbbs3/websrvr.c
+++ b/src/sbbs3/websrvr.c
@@ -1531,6 +1531,20 @@ static BOOL check_ars(http_session_t * session)
 					return(FALSE);
 				if(session->req.auth.algorithm==ALGORITHM_UNKNOWN)
 					return(FALSE);
+				/* Validate rules from RFC-2617 */
+				if(session->req.auth.qop_value==QOP_AUTH
+						|| session->req.auth.qop_value==QOP_AUTH_INT) {
+					if(session->req.auth.cnonce==NULL)
+						return(FALSE);
+					if(session->req.auth.nonce_count==NULL)
+						return(FALSE);
+				}
+				else {
+					if(session->req.auth.cnonce!=NULL)
+						return(FALSE);
+					if(session->req.auth.nonce_count!=NULL)
+						return(FALSE);
+				}
 
 				/* H(A1) */
 				MD5_open(&ctx);
@@ -2234,6 +2248,8 @@ static BOOL parse_headers(http_session_t * session)
 								while(*p && !isspace(*p))
 									p++;
 							}
+							if(session->req.auth.digest_uri==NULL)
+								session->req.auth.digest_uri=strdup(session->req.request_line);
 						}
 					}
 					break;