I see that nginx as proxy rejects headers with name like “auth.client”
“auth.token” (with dot in their name) and stops parsing further headers.
Thus the request to the upstream server doesn’t contain these headers.
the logs, it says “client sent invalid header line”.
Why is having a dot in the header name considered invalid? I searched
relevant RFCs (2616 and 822) and they don’t seem to exclude dot. May I
the reason for nginx to reject headers with dot while other servers like
Apache httpd parse headers with dot just fine.
Also, in the nginx source I noticed a undocumented directive
“ignore_invalid_headers” which is on by default. It when set to off,
nginx passes such headers to the upstream server properly.
Is it safe to use this directive? Are there any side-effects,
issues related to using it?