diff --git a/htroot/User.html b/htroot/User.html
index f23dcb27a..029c02eea 100644
--- a/htroot/User.html
+++ b/htroot/User.html
@@ -11,7 +11,8 @@
     <p>
       You are not logged in.<br />
       <form action="User.html" method="post" accept-charset="UTF-8">
-        Username: <input type="text" name="username" /><br />
+        <input type="hidden" name="returnto" value="#[returnto]#" />
+        Username: <input type="text" name="username" value="#[username]#" /><br />
         Password: <input type="password" name="password" /><br />
         <input type="submit" value="login" />
       </form>
diff --git a/htroot/User.java b/htroot/User.java
index caae52a96..d26596651 100644
--- a/htroot/User.java
+++ b/htroot/User.java
@@ -52,6 +52,8 @@ public class User{
         prop.put("logged_in", "0");
         prop.put("logged-in_limit", "0");
         prop.put("status", "0");
+        prop.put("logged-in_username", "");
+        prop.put("logged-in_returnto", "");
         //identified via HTTPPassword
         entry=sb.userDB.proxyAuth((requestHeader.get(RequestHeader.AUTHORIZATION, "xxxxxx")));
         if(entry != null){
@@ -91,8 +93,11 @@ public class User{
         //identified via form-login
         //TODO: this does not work for a static admin, yet.
         }else if(post != null && post.containsKey("username") && post.containsKey("password")){
+        	if (post.containsKey("returnto"))
+        		prop.putHTML("logged-in_returnto", post.get("returnto"));
             final String username=post.get("username");
             final String password=post.get("password");
+            prop.put("logged-in_username", username);
             
             entry=sb.userDB.passwordAuth(username, password);
             final boolean staticAdmin = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").equals(
@@ -155,6 +160,9 @@ public class User{
             if(! (requestHeader.get(RequestHeader.AUTHORIZATION, "xxxxxx")).equals("xxxxxx")){
                 prop.put("AUTHENTICATE","admin log-in");
             }
+            if(post.containsKey("returnto")){
+                prop.put("LOCATION", post.get("returnto"));
+            }
         }
         // return rewrite properties
         return prop;
diff --git a/source/de/anomic/data/UserDB.java b/source/de/anomic/data/UserDB.java
index 3cb270a8c..f7bfae34b 100644
--- a/source/de/anomic/data/UserDB.java
+++ b/source/de/anomic/data/UserDB.java
@@ -210,7 +210,7 @@ public final class UserDB {
                 } catch (final Exception e) {
                     Log.logException(e);
                 }
-                return null;
+                return entry;
             }
             return entry;
         }
diff --git a/source/de/anomic/http/server/HTTPDFileHandler.java b/source/de/anomic/http/server/HTTPDFileHandler.java
index 1a06f05c7..d81fd7e2e 100644
--- a/source/de/anomic/http/server/HTTPDFileHandler.java
+++ b/source/de/anomic/http/server/HTTPDFileHandler.java
@@ -105,6 +105,7 @@ import net.yacy.kelondro.util.ByteBuffer;
 import net.yacy.kelondro.util.FileUtils;
 import net.yacy.kelondro.util.MemoryControl;
 import net.yacy.visualization.RasterPlotter;
+import de.anomic.data.UserDB;
 import de.anomic.search.Switchboard;
 import de.anomic.search.SwitchboardConstants;
 import de.anomic.server.serverClassLoader;
@@ -537,7 +538,9 @@ public final class HTTPDFileHandler {
             // implement proxy via url (not in servlet, because we need binary access on ouputStream)
             if (path.equals("/proxy.html")) {
             	final List<Pattern> urlProxyAccess = Domains.makePatterns(sb.getConfig("proxyURL.access", "127.0.0.1"));
-            	if (sb.getConfigBool("proxyURL", false) && Domains.matchesList(clientIP, urlProxyAccess)) {
+                UserDB.Entry user = sb.userDB.getUser(requestHeader);
+                boolean user_may_see_proxyurl = Domains.matchesList(clientIP, urlProxyAccess) || (user!=null && user.hasRight(UserDB.AccessRight.PROXY_RIGHT));
+            	if (sb.getConfigBool("proxyURL", false) && user_may_see_proxyurl) {
             		doURLProxy(args, conProp, requestHeader, out);
             		return;
             	}
@@ -991,7 +994,7 @@ public final class HTTPDFileHandler {
                         final ChunkedOutputStream chos = new ChunkedOutputStream(out);
                         // GZIPOutputStream does not implement flush (this is a bug IMHO)
                         // so we can't compress this stuff, without loosing the cool SSI trickle feature
-                        ServerSideIncludes.writeSSI(o, chos, realmProp, clientIP);
+                        ServerSideIncludes.writeSSI(o, chos, realmProp, clientIP, requestHeader);
                         //chos.write(result);
                         chos.finish();
                     } else {
@@ -1005,14 +1008,14 @@ public final class HTTPDFileHandler {
 
                         if (zipContent) {
                             GZIPOutputStream zippedOut = new GZIPOutputStream(o);
-                            ServerSideIncludes.writeSSI(o1, zippedOut, realmProp, clientIP);
+                            ServerSideIncludes.writeSSI(o1, zippedOut, realmProp, clientIP, requestHeader);
                             //httpTemplate.writeTemplate(fis, zippedOut, tp, "-UNRESOLVED_PATTERN-".getBytes("UTF-8"));
                             zippedOut.finish();
                             zippedOut.flush();
                             zippedOut.close();
                             zippedOut = null;
                         } else {
-                            ServerSideIncludes.writeSSI(o1, o, realmProp, clientIP);
+                            ServerSideIncludes.writeSSI(o1, o, realmProp, clientIP, requestHeader);
                             //httpTemplate.writeTemplate(fis, o, tp, "-UNRESOLVED_PATTERN-".getBytes("UTF-8"));
                         }
                         if (method.equals(HeaderFramework.METHOD_HEAD)) {
diff --git a/source/de/anomic/http/server/ServerSideIncludes.java b/source/de/anomic/http/server/ServerSideIncludes.java
index 3c599a23c..d6ff63d86 100644
--- a/source/de/anomic/http/server/ServerSideIncludes.java
+++ b/source/de/anomic/http/server/ServerSideIncludes.java
@@ -39,11 +39,11 @@ import net.yacy.kelondro.util.ByteBuffer;
 
 public class ServerSideIncludes {
 
-    public static void writeSSI(final ByteBuffer in, final OutputStream out, final String authorization, final String requesthost) throws IOException {
-        writeSSI(in, 0, out, authorization, requesthost);
+    public static void writeSSI(final ByteBuffer in, final OutputStream out, final String authorization, final String requesthost, final RequestHeader requestHeader) throws IOException {
+        writeSSI(in, 0, out, authorization, requesthost, requestHeader);
     }
 
-    public static void writeSSI(final ByteBuffer in, int off, final OutputStream out, final String authorization, final String requesthost) throws IOException {
+    public static void writeSSI(final ByteBuffer in, int off, final OutputStream out, final String authorization, final String requesthost, final RequestHeader requestHeader) throws IOException {
         int p = in.indexOf(ASCII.getBytes("<!--#"), off);
         int q;
         while (p >= 0) {
@@ -53,7 +53,7 @@ public class ServerSideIncludes {
             } else {
                 out.write(in.getBytes(off, p - off));
             }
-            parseSSI(in, p, out, authorization, requesthost);
+            parseSSI(in, p, out, authorization, requesthost, requestHeader);
             off = q + 3;
             p = in.indexOf(ASCII.getBytes("<!--#"), off);
         }
@@ -64,17 +64,17 @@ public class ServerSideIncludes {
         }
     }
 
-    private static void parseSSI(final ByteBuffer in, final int off, final OutputStream out, final String authorization, final String requesthost) {
+    private static void parseSSI(final ByteBuffer in, final int off, final OutputStream out, final String authorization, final String requesthost, final RequestHeader requestHeader) {
         if (in.startsWith(ASCII.getBytes("<!--#include virtual=\""), off)) {
             final int q = in.indexOf(ASCII.getBytes("\""), off + 22);
             if (q > 0) {
                 final String path = in.toString(off + 22, q - off - 22);
-                writeContent(path, out, authorization, requesthost);
+                writeContent(path, out, authorization, requesthost, requestHeader);
             }
         }
     }
 
-    private static void writeContent(String path, final OutputStream out, final String authorization, final String requesthost) {
+    private static void writeContent(String path, final OutputStream out, final String authorization, final String requesthost, final RequestHeader requestHeader) {
         // check if there are arguments in path string
         String args = "";
         final int argpos = path.indexOf('?');
@@ -92,6 +92,9 @@ public class ServerSideIncludes {
         conProp.put(HeaderFramework.CONNECTION_PROP_HTTP_VER, HeaderFramework.HTTP_VERSION_0_9);
         conProp.put(HeaderFramework.CONNECTION_PROP_CLIENTIP, requesthost);
         header.put(RequestHeader.AUTHORIZATION, authorization);
+        if (requestHeader.containsKey(RequestHeader.COOKIE))
+        	header.put(RequestHeader.COOKIE, requestHeader.get(RequestHeader.COOKIE));
+        header.put(RequestHeader.REFERER, requestHeader.get(RequestHeader.CONNECTION_PROP_PATH));
         HTTPDFileHandler.doGet(conProp, header, out);
     }
 }