Headers

Cookies

Format example using curl --cookie "access_token=123"

Cookie: access_token=123

NGINX LUA Example

local access_token = ngx.var.cookie_access_token
ngx.say(access_token)

nginx lua raw/get_headers to extract and check header key/value pairs

    ngx.say(ngx.req.raw_header())
    local h = ngx.req.get_headers()
    for k, v in pairs(h) do
        if k == "numifex_token" then
            ngx.say("allow")
            ngx.say(k, ": ", v)
        end
    end

Using underscores in header

In NGINX enable this under server by adding underscores_in_headers off;

• https://github.com/ledgetech/lua-resty-http/issues/114
• https://stackoverflow.com/questions/22856136/why-underscores-are-forbidden-in-http-header-names - They are not forbidden. It's CGI legacy
• https://serverfault.com/questions/855720/how-to-prevent-haproxy-from-dropping-http-headers-with-underscores

If you do not explicitly set underscores_in_headers on;, nginx will silently drop HTTP headers with underscores (which are perfectly valid according to the HTTP standard). This is done in order to prevent ambiguities when mapping headers to CGI variables, as both dashes and underscores are mapped to underscores during that process.

http://nginx.org/en/docs/http/ngx_http_core_module.html#underscores_in_headers

Syntax: underscores_in_headers on | off;
Default:    
underscores_in_headers off;
Context:    http, server

Security