-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcURL.txt
577 lines (429 loc) · 26 KB
/
cURL.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
_ _ ____ _
Project ___| | | | _ \| |
/ __| | | | |_) | |
| (__| |_| | _ <| |___
\___|\___/|_| \_\_____|
NAME
curl - transfer a URL
SYNOPSIS
curl [options / URLs]
DESCRIPTION
curl is a tool for transfering data from or to a server. It supports
these protocols: DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS,
IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP,
SFTP, SMB, SMBS, SMTP, SMTPS, TELNET or TFTP. The command is designed
to work without user interaction.
curl offers a busload of useful tricks like proxy support, user authen-
tication, FTP upload, HTTP post, SSL connections, cookies, file trans-
fer resume and more. As you will see below, the number of features will
make your head spin!
curl is powered by libcurl for all transfer-related features. See
libcurl(3) for details.
URL
The URL syntax is protocol-dependent. You'll find a detailed descrip-
tion in RFC 3986.
You can specify multiple URLs or parts of URLs by writing part sets
within braces and quoting the URL as in:
"http://site.{one,two,three}.com"
or you can get sequences of alphanumeric series by using [] as in:
"ftp://ftp.example.com/file[1-100].txt"
"ftp://ftp.example.com/file[001-100].txt" (with leading zeros)
"ftp://ftp.example.com/file[a-z].txt"
Nested sequences are not supported, but you can use several ones next
to each other:
"http://example.com/archive[1996-1999]/vol[1-4]/part{a,b,c}.html"
You can specify any amount of URLs on the command line. They will be
fetched in a sequential manner in the specified order. You can specify
command line options and URLs mixed and in any order on the command
line.
You can specify a step counter for the ranges to get every Nth number
or letter:
"http://example.com/file[1-100:10].txt"
"http://example.com/file[a-z:2].txt"
When using [] or {} sequences when invoked from a command line prompt,
you probably have to put the full URL within double quotes to avoid the
shell from interfering with it. This also goes for other characters
treated special, like for example '&', '?' and '*'.
Provide the IPv6 zone index in the URL with an escaped percentage sign
and the interface name. Like in
"http://[fe80::3%25eth0]/"
If you specify URL without protocol:// prefix, curl will attempt to
guess what protocol you might want. It will then default to HTTP but
try other protocols based on often-used host name prefixes. For exam-
ple, for host names starting with "ftp." curl will assume you want to
speak FTP.
curl will do its best to use what you pass to it as a URL. It is not
trying to validate it as a syntactically correct URL by any means but
is instead very liberal with what it accepts.
curl will attempt to re-use connections for multiple file transfers, so
that getting many files from the same server will not do multiple con-
nects / handshakes. This improves speed. Of course this is only done on
files specified on a single command line and cannot be used between
separate curl invocations.
OUTPUT
If not told otherwise, curl writes the received data to stdout. It can
be instructed to instead save that data into a local file, using the
-o, --output or -O, --remote-name options. If curl is given multiple
URLs to transfer on the command line, it similarly needs multiple op-
tions for where to save them.
curl does not parse or otherwise "understand" the content it gets or
writes as output. It does no encoding or decoding, unless explicitly
asked to with dedicated command line options.
PROTOCOLS
curl supports numerous protocols, or put in URL terms: schemes. Your
particular build may not support them all.
DICT Lets you lookup words using online dictionaries.
FILE Read or write local files. curl does not support accessing
file:// URL remotely, but when running on Microsoft Windows us-
ing the native UNC approach will work.
FTP(S) curl supports the File Transfer Protocol with a lot of tweaks
and levers. With or without using TLS.
GOPHER(S)
Retrieve files.
HTTP(S)
curl supports HTTP with numerous options and variations. It can
speak HTTP version 0.9, 1.0, 1.1, 2 and 3 depending on build op-
tions and the correct command line options.
IMAP(S)
Using the mail reading protocol, curl can "download" emails for
you. With or without using TLS.
LDAP(S)
curl can do directory lookups for you, with or without TLS.
MQTT curl supports MQTT version 3. Downloading over MQTT equals "sub-
scribe" to a topic while uploading/posting equals "publish" on a
topic. MQTT over TLS is not supported (yet).
POP3(S)
Downloading from a pop3 server means getting a mail. With or
without using TLS.
RTMP(S)
The Realtime Messaging Protocol is primarily used to server
streaming media and curl can download it.
RTSP curl supports RTSP 1.0 downloads.
SCP curl supports SSH version 2 scp transfers.
SFTP curl supports SFTP (draft 5) done over SSH version 2.
SMB(S) curl supports SMB version 1 for upload and download.
SMTP(S)
Uploading contents to an SMTP server means sending an email.
With or without TLS.
TELNET Telling curl to fetch a telnet URL starts an interactive session
where it sends what it reads on stdin and outputs what the
server sends it.
TFTP curl can do TFTP downloads and uploads.
PROGRESS METER
curl normally displays a progress meter during operations, indicating
the amount of transferred data, transfer speeds and estimated time
left, etc. The progress meter displays number of bytes and the speeds
are in bytes per second. The suffixes (k, M, G, T, P) are 1024 based.
For example 1k is 1024 bytes. 1M is 1048576 bytes.
curl displays this data to the terminal by default, so if you invoke
curl to do an operation and it is about to write data to the terminal,
it disables the progress meter as otherwise it would mess up the output
mixing progress meter and response data.
If you want a progress meter for HTTP POST or PUT requests, you need to
redirect the response output to a file, using shell redirect (>), -o,
--output or similar.
This does not apply to FTP upload as that operation does not spit out
any response data to the terminal.
If you prefer a progress "bar" instead of the regular meter, -#,
--progress-bar is your friend. You can also disable the progress meter
completely with the -s, --silent option.
OPTIONS
Options start with one or two dashes. Many of the options require an
additional value next to them.
The short "single-dash" form of the options, -d for example, may be
used with or without a space between it and its value, although a space
is a recommended separator. The long "double-dash" form, -d, --data for
example, requires a space between it and its value.
Short version options that don't need any additional values can be used
immediately next to each other, like for example you can specify all
the options -O, -L and -v at once as -OLv.
In general, all boolean options are enabled with --option and yet again
disabled with --no-option. That is, you use the exact same option name
but prefix it with "no-". However, in this list we mostly only list and
show the --option version of them. (This concept with --no options was
added in 7.19.0. Previously most options were toggled on/off through
repeated use of the same command line option.)
--abstract-unix-socket <path>
(HTTP) Connect through an abstract Unix domain socket, instead
of using the network. Note: netstat shows the path of an ab-
stract socket prefixed with '@', however the <path> argument
should not have this leading character.
Example:
curl --abstract-unix-socket socketpath https://example.com
Added in 7.53.0.
--alt-svc <file name>
(HTTPS) This option enables the alt-svc parser in curl. If the
file name points to an existing alt-svc cache file, that will be
used. After a completed transfer, the cache will be saved to the
file name again if it has been modified.
Specify a "" file name (zero length) to avoid loading/saving and
make curl just handle the cache in memory.
If this option is used several times, curl will load contents
from all the files but the last one will be used for saving.
Example:
curl --alt-svc svc.txt https://example.com
Added in 7.64.1.
--anyauth
(HTTP) Tells curl to figure out authentication method by itself,
and use the most secure one the remote site claims to support.
This is done by first doing a request and checking the response-
headers, thus possibly inducing an extra network round-trip.
This is used instead of setting a specific authentication
method, which you can do with --basic, --digest, --ntlm, and
--negotiate.
Using --anyauth is not recommended if you do uploads from stdin,
since it may require data to be sent twice and then the client
must be able to rewind. If the need should arise when uploading
from stdin, the upload operation will fail.
Used together with -u, --user.
Example:
curl --anyauth --user me:pwd https://example.com
See also --proxy-anyauth, --basic and --digest.
-a, --append
(FTP SFTP) When used in an upload, this makes curl append to the
target file instead of overwriting it. If the remote file
doesn't exist, it will be created. Note that this flag is ig-
nored by some SFTP servers (including OpenSSH).
Example:
curl --upload-file local --append ftp://example.com/
--aws-sigv4 <provider1[:provider2[:region[:service]]]>
Use AWS V4 signature authentication in the transfer.
The provider argument is a string that is used by the algorithm
when creating outgoing authentication headers.
The region argument is a string that points to a geographic area
of a resources collection (region-code) when the region name is
omitted from the endpoint.
The service argument is a string that points to a function pro-
vided by a cloud (service-code) when the service name is omitted
from the endpoint.
Example:
curl --aws-sigv4 "aws:amz:east-2:es" --user "key:secret" https://example.com
Added in 7.75.0.
--basic
(HTTP) Tells curl to use HTTP Basic authentication with the re-
mote host. This is the default and this option is usually point-
less, unless you use it to override a previously set option that
sets a different authentication method (such as --ntlm, --di-
gest, or --negotiate).
Used together with -u, --user.
Example:
curl -u name:password --basic https://example.com
See also --proxy-basic.
--cacert <file>
(TLS) Tells curl to use the specified certificate file to verify
the peer. The file may contain multiple CA certificates. The
certificate(s) must be in PEM format. Normally curl is built to
use a default file for this, so this option is typically used to
alter that default file.
curl recognizes the environment variable named 'CURL_CA_BUNDLE'
if it is set, and uses the given path as a path to a CA cert
bundle. This option overrides that variable.
The windows version of curl will automatically look for a CA
certs file named 'curl-ca-bundle.crt', either in the same direc-
tory as curl.exe, or in the Current Working Directory, or in any
folder along your PATH.
If curl is built against the NSS SSL library, the NSS PEM
PKCS#11 module (libnsspem.so) needs to be available for this op-
tion to work properly.
(iOS and macOS only) If curl is built against Secure Transport,
then this option is supported for backward compatibility with
other SSL engines, but it should not be set. If the option is
not set, then curl will use the certificates in the system and
user Keychain to verify the peer, which is the preferred method
of verifying the peer's certificate chain.
(Schannel only) This option is supported for Schannel in Windows
7 or later with libcurl 7.60 or later. This option is supported
for backward compatibility with other SSL engines; instead it is
recommended to use Windows' store of root certificates (the de-
fault for Schannel).
If this option is used several times, the last one will be used.
Example:
curl --cacert CA-file.txt https://example.com
--capath <dir>
(TLS) Tells curl to use the specified certificate directory to
verify the peer. Multiple paths can be provided by separating
them with ":" (e.g. "path1:path2:path3"). The certificates must
be in PEM format, and if curl is built against OpenSSL, the di-
rectory must have been processed using the c_rehash utility sup-
plied with OpenSSL. Using --capath can allow OpenSSL-powered
curl to make SSL-connections much more efficiently than using
--cacert if the --cacert file contains many CA certificates.
If this option is set, the default capath value will be ignored,
and if it is used several times, the last one will be used.
Example:
curl --capath /local/directory https://example.com
--cert-status
(TLS) Tells curl to verify the status of the server certificate
by using the Certificate Status Request (aka. OCSP stapling) TLS
extension.
If this option is enabled and the server sends an invalid (e.g.
expired) response, if the response suggests that the server cer-
tificate has been revoked, or no response at all is received,
the verification fails.
This is currently only implemented in the OpenSSL, GnuTLS and
NSS backends.
Example:
curl --cert-status https://example.com
Added in 7.41.0.
--cert-type <type>
(TLS) Tells curl what type the provided client certificate is
using. PEM, DER, ENG and P12 are recognized types. If not spec-
ified, PEM is assumed.
If this option is used several times, the last one will be used.
Example:
curl --cert-type PEM --cert file https://example.com
See also -E, --cert, --key and --key-type.
-E, --cert <certificate[:password]>
(TLS) Tells curl to use the specified client certificate file
when getting a file with HTTPS, FTPS or another SSL-based proto-
col. The certificate must be in PKCS#12 format if using Secure
Transport, or PEM format if using any other engine. If the op-
tional password isn't specified, it will be queried for on the
terminal. Note that this option assumes a "certificate" file
that is the private key and the client certificate concatenated!
See -E, --cert and --key to specify them independently.
If curl is built against the NSS SSL library then this option
can tell curl the nickname of the certificate to use within the
NSS database defined by the environment variable SSL_DIR (or by
default /etc/pki/nssdb). If the NSS PEM PKCS#11 module (lib-
nsspem.so) is available then PEM files may be loaded. If you
want to use a file from the current directory, please precede it
with "./" prefix, in order to avoid confusion with a nickname.
If the nickname contains ":", it needs to be preceded by "\" so
that it is not recognized as password delimiter. If the nick-
name contains "\", it needs to be escaped as "\\" so that it is
not recognized as an escape character.
If curl is built against OpenSSL library, and the engine pkcs11
is available, then a PKCS#11 URI (RFC 7512) can be used to spec-
ify a certificate located in a PKCS#11 device. A string begin-
ning with "pkcs11:" will be interpreted as a PKCS#11 URI. If a
PKCS#11 URI is provided, then the --engine option will be set as
"pkcs11" if none was provided and the --cert-type option will be
set as "ENG" if none was provided.
(iOS and macOS only) If curl is built against Secure Transport,
then the certificate string can either be the name of a certifi-
cate/private key in the system or user keychain, or the path to
a PKCS#12-encoded certificate and private key. If you want to
use a file from the current directory, please precede it with
"./" prefix, in order to avoid confusion with a nickname.
(Schannel only) Client certificates must be specified by a path
expression to a certificate store. (Loading PFX is not sup-
ported; you can import it to a store first). You can use "<store
location>\<store name>\<thumbprint>" to refer to a certificate
in the system certificates store, for example, "Curren-
tUser\MY\934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a". Thumbprint
is usually a SHA-1 hex string which you can see in certificate
details. Following store locations are supported: CurrentUser,
LocalMachine, CurrentService, Services, CurrentUserGroupPolicy,
LocalMachineGroupPolicy, LocalMachineEnterprise.
If this option is used several times, the last one will be used.
Example:
curl --cert certfile --key keyfile https://example.com
See also --cert-type, --key and --key-type.
--ciphers <list of ciphers>
(TLS) Specifies which ciphers to use in the connection. The list
of ciphers must specify valid ciphers. Read up on SSL cipher
list details on this URL:
https://curl.se/docs/ssl-ciphers.html
If this option is used several times, the last one will be used.
Example:
curl --ciphers ECDHE-ECDSA-AES256-CCM8 https://example.com
--compressed-ssh
(SCP SFTP) Enables built-in SSH compression. This is a request,
not an order; the server may or may not do it.
Example:
curl --compressed-ssh sftp://example.com/
Added in 7.56.0.
--compressed
(HTTP) Request a compressed response using one of the algorithms
curl supports, and automatically decompress the content. Headers
are not modified.
If this option is used and the server sends an unsupported en-
coding, curl will report an error. This is a request, not an or-
der; the server may or may not deliver data compressed.
Example:
curl --compressed https://example.com
-K, --config <file>
Specify a text file to read curl arguments from. The command
line arguments found in the text file will be used as if they
were provided on the command line.
Options and their parameters must be specified on the same line
in the file, separated by whitespace, colon, or the equals sign.
Long option names can optionally be given in the config file
without the initial double dashes and if so, the colon or equals
characters can be used as separators. If the option is specified
with one or two dashes, there can be no colon or equals charac-
ter between the option and its parameter.
If the parameter contains whitespace (or starts with : or =),
the parameter must be enclosed within quotes. Within double
quotes, the following escape sequences are available: \\, \",
\t, \n, \r and \v. A backslash preceding any other letter is ig-
nored.
If the first column of a config line is a '#' character, the
rest of the line will be treated as a comment.
Only write one option per physical line in the config file.
Specify the filename to -K, --config as '-' to make curl read
the file from stdin.
Note that to be able to specify a URL in the config file, you
need to specify it using the --url option, and not by simply
writing the URL on its own line. So, it could look similar to
this:
url = "https://curl.se/docs/"
When curl is invoked, it (unless -q, --disable is used) checks
for a default config file and uses it if found, even when this
option is used. The default config file is checked for in the
following places in this order:
1) Use the CURL_HOME environment variable if set
2) Use the XDG_CONFIG_HOME environment variable if set (Added in
7.73.0)
3) Use the HOME environment variable if set
4) Non-windows: use getpwuid to find the home directory
5) Windows: use APPDATA if set
6) Windows: use "USERPROFILE\Application Data" if set
7) On windows, if there is no .curlrc file in the home dir, it
checks for one in the same dir the curl executable is placed. On
Unix-like systems, it will simply try to load .curlrc from the
determined home dir.
# --- Example file ---
# this is a comment
url = "example.com"
output = "curlhere.html"
user-agent = "superagent/1.0"
# and fetch another URL too
url = "example.com/docs/manpage.html"
-O
referer = "http://nowhereatall.example.com/"
# --- End of example file ---
This option can be used multiple times to load multiple config
files.
Example:
curl --config file.txt https://example.com
--connect-timeout <fractional seconds>
Maximum time in seconds that you allow curl's connection to
take. This only limits the connection phase, so if curl con-
nects within the given period it will continue - if not it will
exit. Since version 7.32.0, this option accepts decimal values.
If this option is used several times, the last one will be used.
Examples:
curl --connect-timeout 20 https://example.com
curl --connect-timeout 3.14 https://example.com
See also -m, --max-time.
--connect-to <HOST1:PORT1:HOST2:PORT2>
For a request to the given HOST1:PORT1 pair, connect to
HOST2:PORT2 instead. This option is suitable to direct requests
at a specific server, e.g. at a specific cluster node in a clus-
ter of servers. This option is only used to establish the net-
work connection. It does NOT affect the hostname/port that is
used for TLS/SSL (e.g. SNI, certificate verification) or for the
application protocols. "HOST1" and "PORT1" may be the empty
string, meaning "any host/port". "HOST2" and "PORT2" may also be
the empty string, meaning "use the request's original
host/port".
A "host" specified to this option is compared as a string, so it
needs to match the name used in request URL. It can be either
numerical such as "127.0.0.1" or the full host name such as "ex-
ample.org".
This option can be used many times to add many connect rules.
Example:
curl --connect-to example.com:443:example.net:8443 https://example.com
See also --resolve and -H, --header. Added in 7.49.0.