So I went through the source code and it appears that anything other than a letter, number or underscore is explicitly disallowed in variable names.
However, you can use ${varname} type syntax.
Hence, it's possible to abuse these brackets to allow the use of more characters. Here's my code patch:
--- src/http/ngx_http_script.c
+++ src/http/ngx_http_script.c
@@ -394,11 +394,11 @@
if (ch == '}' && bracket) {
i++;
bracket = 0;
break;
- }
+ } else if (bracket) continue;
if ((ch >= 'A' && ch <= 'Z')
|| (ch >= 'a' && ch <= 'z')
|| (ch >= '0' && ch <= '9')
|| ch == '_')
As it just makes the parser a bit more lenient, it shouldn't cause any side effects.
The above patch allows you to use most characters in variable names, so you could refer to cookies with special names using ${cookie_group[key]}
Hope this post is useful to anyone that finds it.