diff --git a/doc/icecast2_listenerauth.html b/doc/icecast2_listenerauth.html index 5ddd7756..a649d642 100755 --- a/doc/icecast2_listenerauth.html +++ b/doc/icecast2_listenerauth.html @@ -67,8 +67,13 @@ sent back then the listener connecting is allowed to continue, if not, an error to the listener.
The URLs specified will invoke some web server scripts like PHP to do any work that they may choose to do. All that is required of the scripting language is that POST information can -be handled and a response header can be sent back. libcurl is used for the requesting so -https connections can be used.
+be handled and response headers can be sent back. libcurl is used for the requesting so +https connections may be possible, but be aware of the extra overhead involved. +The useragent sent in each curl request will represent the icecast server version. The +response headers will depend on whether the listener is to be accepted. In the case of +rejection, a response header
icecast-auth-message: reasonshould also be returned +for placing in the log files. +
In order to use URL based listener authentication, you MUST configure a mount specific option. This means that you have to provide a <mount> section in the main icecast config file. The following shows the list of options available :
@@ -82,7 +87,7 @@ config file. The following shows the list of options available : <option name="remove" value="http://myauthserver.com/listener_left.php"/> <option name="username" value="user"/> <option name="password" value="pass"/> - <option name="header" value="icecast-auth-user: 1"/> + <option name="auth_header" value="icecast-auth-user: 1"/> <option name="timelimit-header" value="icecast-auth-timelimit:"/> </authentication> </mount> @@ -131,9 +136,9 @@ note that each option data is escaped before being passed via POSTAgain this is similar to the add option, the difference being that a duration is passed reflecting the number of seconds the listener was connected for
-The response header returned from these requests that allows the authencation to take -place can be stated here. The default is +
The expected response header to be returned that allows the authencation to take +place may be specified here. The default is
icecast-auth-user: 1but it could can anything you like, for instance
HTTP 200 OK@@ -142,7 +147,6 @@ but it could can anything you like, for instance figure (which represents seconds) then that is how long the client will remain connected for.
We do not have an exaustive list of players that support listener authentication. We use standard HTTP basic authentication, and in general, many media players support this if they
diff --git a/src/auth_url.c b/src/auth_url.c
index 4c1c6214..8b0b323a 100644
--- a/src/auth_url.c
+++ b/src/auth_url.c
@@ -125,6 +125,16 @@ static int handle_returned_header (void *ptr, size_t size, size_t nmemb, void *s
 sscanf ((char *)ptr+url->timelimit_header_len, "%u\r\n", &limit);
 client->con->discon_time = global.time + limit;
 }
+ if (strncasecmp (ptr, "icecast-auth-message: ", 22) == 0)
+ {
+ char *eol;
+ snprintf (url->errormsg, sizeof (url->errormsg), "%s", (char*)ptr+22);
+ eol = strchr (url->errormsg, '\r');
+ if (eol == NULL)
+ eol = strchr (url->errormsg, '\n');
+ if (eol)
+ *eol = '\0';
+ }
 }
 return (int)bytes;
@@ -146,7 +156,7 @@ static auth_result url_remove_client (auth_client *auth_user)
 char *username, *password, *mount, *server;
 ice_config_t *config;
 int port;
- char post[1024];
+ char post [4096];
 config = config_get_config ();
 server = util_url_escape (config->hostname);
@@ -199,7 +209,7 @@ static auth_result url_add_client (auth_client *auth_user)
 char *agent, *user_agent, *username, *password;
 char *mount, *ipaddr, *server;
 ice_config_t *config;
- char post[1024];
+ char post [4096];
 if (url->addurl == NULL)
 return AUTH_OK;
@@ -243,6 +253,7 @@ static auth_result url_add_client (auth_client *auth_user)
 curl_easy_setopt (url->handle, CURLOPT_URL, url->addurl);
 curl_easy_setopt (url->handle, CURLOPT_POSTFIELDS, post);
 curl_easy_setopt (url->handle, CURLOPT_WRITEHEADER, auth_user);
+ url->errormsg[0] = '\0';
 res = curl_easy_perform (url->handle);
@@ -254,6 +265,7 @@ static auth_result url_add_client (auth_client *auth_user)
 /* we received a response, lets see what it is */
 if (client->authenticated)
 return AUTH_OK;
+ INFO2 ("client auth (%s) failed with \"%s\"", url->addurl, url->errormsg);
 return AUTH_FAILED;
 }
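Review bot: In handle_returned_header, the new `icecast-auth-message` branch formats `(char*)ptr+22` with `%s`, but libcurl does not NUL-terminate the data it hands to a header callback, so snprintf can read past the end of the received header line. Bound both the compare and the copy by the callback length, presumably the `bytes` value returned at the end of the function: `if (bytes > 22 && strncasecmp (ptr, "icecast-auth-message: ", 22) == 0)` and `snprintf (url->errormsg, sizeof (url->errormsg), "%.*s", (int)(bytes - 22), (char*)ptr+22);`. The CR/LF trimming that follows can stay as it is. The function starts before this hunk, so how `bytes` is computed is not visible here.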
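Review bot: Raising `post` from 1024 to 4096 bytes in url_remove_client, and identically in the url_add_client hunk that follows, moves the truncation point rather than removing it, because the body is built from URL-escaped listener-supplied values (username, password, user agent) and escaping can triple their length. The call that fills `post` lies outside both hunks; if it is an snprintf, its result should be checked and the request failed after releasing the escaped strings, instead of POSTing a cut-off body, e.g. `if (len < 0 || (size_t)len >= sizeof (post)) return AUTH_FAILED;` with `len` holding the snprintf return value. As a style point, `char post [4096];` puts a space before the bracket, which the removed line did not.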
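Review bot: The new INFO2 line in url_add_client writes `url->errormsg` to the log, and that text is whatever the auth server sent in its `icecast-auth-message` header; handle_returned_header cuts it only at the first CR or LF, so other control bytes reach the log file unchanged. Non-printable bytes should be replaced before logging, with a comment above the call such as `/* errormsg is remote-supplied text from the auth server, not a trusted string */`. The entry also names only the auth URL, so a failed attempt cannot be tied to a listener from the log alone; adding the listener's address and the mount would make repeated failures visible. If `url->addurl` can carry credentials in its userinfo part, it should not be logged in full.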
@@ -394,7 +406,7 @@ int auth_get_url_auth (auth_t *authenticator, config_options_t *options)
 url_info->stream_start = strdup (options->value);
 if(!strcmp(options->name, "end"))
 url_info->stream_end = strdup (options->value);
- if(!strcmp(options->name, "header"))
+ if(!strcmp(options->name, "auth_header"))
 {
 free (url_info->auth_header);
 url_info->auth_header = strdup (options->value);
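Review bot: Matching only `auth_header` in auth_get_url_auth means an existing `<option name="header" .../>` is now skipped without any message, and `url_info->auth_header` keeps whatever default was set earlier (the documentation gives `icecast-auth-user: 1`). A mount whose auth script returns a custom accept header would then reject every listener after an upgrade, with nothing in the log to explain why. Accept the old name as well, `if(!strcmp(options->name, "auth_header") || !strcmp(options->name, "header"))`, or log a warning for unrecognised option names. The option chain starts before and continues after this hunk.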