7

I can't find many resources on how to manage cookies with Nginx…

I've seen that two variables are related to cookies, namely $http_cookies and $cookie_COOKIENAME.

Anyway, I absolutely don't know how to read a cookie with Nginx.

For example, I'd like to return a 403 if a cookie with a special value exists. I tried this, but it doesn't seem to work:

if ($cookie_mycookiename = "509fd1e420bba") { return 403; }

I also tried with $http_cookie:

if ($http_cookie = "509fd1e420bba") { return 403; }

I really don't understand how Nginx handles cookies…

EDIT: here is my full Nginx config:

server {
listen 80;

root /home/minou/vids/;
index index.html index.htm;

#server_name localhost;

location / {
    # First attempt to serve request as a file, then
    # as directory, then fall back to index.html
    try_files $uri $uri/ /index.html;

    if ($cookie_fileURI = "6509fd1e420bba") { return 403; }
}

# anti hotlinking
location ~* \.(jpg)$ {
    valid_referers none blocked mywebsite.com www.mywebsite.com;
    if ($invalid_referer) { return 403; }
}

}

Buzut
  • 895

2 Answers

6

Please be aware that using if within a location might not work as expected, especially when used together with try_files. See this nginx article (archive.org).

Please try this:

server {
listen 80;

root /home/minou/vids/;
index index.html index.htm;

#server_name localhost;

if ($cookie_fileURI = "6509fd1e420bba") { return 403; }

location / {
    # First attempt to serve request as file, then
    # as directory, then fall back to index.html

    try_files $uri $uri/ /index.html;
}

# anti hotlinking
location ~* \.(jpg)$ {
    valid_referers none blocked mywebsite.com www.mywebsite.com;
    if ($invalid_referer) { return 403; }
}

}

Ludwig
  • 481
2

Use the code below:

if ($http_cookie ~* "cookiename=cookievalue") { return 403; }
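
An added example, not part of the question or either answer: the same cookie check done with `map` on the parsed `$cookie_fileURI` value, shown beside the raw-header matches tried above with the reason each behaves differently. The variable name `$deny_by_cookie` is an assumption; the cookie name, value and paths are the ones from the question's config.

```nginx
# Constructed fragment for the http{} context (map is only valid there).
# $deny_by_cookie is a made-up variable name.

# Does not match a normal request: $http_cookie holds the whole Cookie
# header, e.g. "a=1; fileURI=6509fd1e420bba; b=2", not a single value.
#   if ($http_cookie = "6509fd1e420bba") { return 403; }

# Over-matches: unanchored and case-insensitive on the raw header, so it
# also fires on "xfileURI=6509fd1e420bba" and "fileURI=6509fd1e420bba99".
#   if ($http_cookie ~* "fileURI=6509fd1e420bba") { return 403; }

# If the raw header must be used, anchor the pair on both sides:
#   if ($http_cookie ~ "(^|; *)fileURI=6509fd1e420bba(;|$)") { return 403; }

# Preferred: let nginx parse the header and test only that cookie's value.
map $cookie_fileURI $deny_by_cookie {
    default              0;
    # "~" = case-sensitive regex; ^...$ requires the whole value to match
    "~^6509fd1e420bba$"  1;
}

server {
    listen 80;

    root /home/minou/vids/;
    index index.html index.htm;

    # A server-level "if" that only returns is evaluated before location
    # selection, so it does not interact with try_files.
    # "if ($var)" is false when the value is empty or "0".
    if ($deny_by_cookie) { return 403; }

    location / {
        try_files $uri $uri/ /index.html;
    }

    # anti hotlinking
    location ~* \.(jpg)$ {
        valid_referers none blocked mywebsite.com www.mywebsite.com;
        if ($invalid_referer) { return 403; }
    }
}
```

The Cookie header is supplied by the client, so this rule only rejects requests that actually carry that value.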