diff --git a/lib/roles/http/parsers.c b/lib/roles/http/parsers.c
index 3b2b64c88..778d96a58 100644
--- a/lib/roles/http/parsers.c
+++ b/lib/roles/http/parsers.c
@@ -555,16 +555,22 @@ int lws_hdr_copy(struct lws *wsi, char *dst, int len,
 		return -1;
 
 	n = wsi->http.ah->frag_index[h];
+	if (h == WSI_TOKEN_HTTP_URI_ARGS)
+		lwsl_err("%s: WSI_TOKEN_HTTP_URI_ARGS start frag %d\n", __func__, n);
+
+
 	if (!n)
 		return 0;
-
 	do {
 		comma = (wsi->http.ah->frags[n].nfrag) ? 1 : 0;
 
-		//lwsl_notice("'%.*s'\n", (int)wsi->http.ah->frags[n].len, &wsi->http.ah->data[wsi->http.ah->frags[n].offset]);
+		if (h == WSI_TOKEN_HTTP_URI_ARGS)
+			lwsl_notice("%s: WSI_TOKEN_HTTP_URI_ARGS '%.*s'\n", __func__, (int)wsi->http.ah->frags[n].len, &wsi->http.ah->data[wsi->http.ah->frags[n].offset]);
 
-		if (wsi->http.ah->frags[n].len + comma >= len)
+		if (wsi->http.ah->frags[n].len + comma >= len) {
+			lwsl_notice("blowout len\n");
 			return -1;
+		}
 		strncpy(dst, &wsi->http.ah->data[wsi->http.ah->frags[n].offset],
 		        wsi->http.ah->frags[n].len);
 		dst += wsi->http.ah->frags[n].len;
@@ -575,12 +581,18 @@ int lws_hdr_copy(struct lws *wsi, char *dst, int len,
 			if (h == WSI_TOKEN_HTTP_COOKIE || h == WSI_TOKEN_HTTP_SET_COOKIE)
 				*dst++ = ';';
 			else
-				*dst++ = ',';
+				if (h == WSI_TOKEN_HTTP_URI_ARGS)
+					*dst++ = '&';
+				else
+					*dst++ = ',';
 		}
 				
 	} while (n);
 	*dst = '\0';
 
+	if (h == WSI_TOKEN_HTTP_URI_ARGS)
+		lwsl_err("%s: WSI_TOKEN_HTTP_URI_ARGS toklen %d\n", __func__, (int)toklen);
+
 	return toklen;
 }
 
diff --git a/lib/roles/http/server/server.c b/lib/roles/http/server/server.c
index 7f0cded9c..82a5780a5 100644
--- a/lib/roles/http/server/server.c
+++ b/lib/roles/http/server/server.c
@@ -1161,11 +1161,16 @@ lws_http_proxy_start(struct lws *wsi, const struct lws_http_mount *hit,
 		i.port = atoi(pcolon + 1);
 
 	n = lws_snprintf(rpath, sizeof(rpath) - 1, "/%s/%s",
-			 pslash + 1, uri_ptr + hit->mountpoint_len) - 2;
+			 pslash + 1, uri_ptr + hit->mountpoint_len) - 1;
 	lws_clean_url(rpath);
+	n = (int)strlen(rpath);
+	if (n && rpath[n - 1] == '/')
+		n--;
+
 	na = lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_URI_ARGS);
 	if (na) {
 		char *p;
+		int budg;
 
 		if (!n) /* don't start with the ?... use the first / if so */
 			n++;
@@ -1181,18 +1186,17 @@ lws_http_proxy_start(struct lws *wsi, const struct lws_http_mount *hit,
 		}
 
 		*p++ = '?';
-		if (lws_hdr_copy(wsi, p,
+		budg = lws_hdr_copy(wsi, p,
 			     (int)(&rpath[sizeof(rpath) - 1] - p),
-			     WSI_TOKEN_HTTP_URI_ARGS) > 0)
-			while (na--) {
-				if (*p == '\0')
-					*p = '&';
-				p++;
-			}
+			     WSI_TOKEN_HTTP_URI_ARGS);
+	       if (budg > 0)
+		       p += budg;
+
 		*p = '\0';
 	}
 
 	i.path = rpath;
+	lwsl_notice("%s: proxied path '%s'\n", __func__, i.path);
 
 	/* incoming may be h1 or h2... if he sends h1 HOST, use that
 	 * directly, otherwise we must convert h2 :authority to h1