-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathman_curl
2796 lines (1877 loc) · 145 KB
/
man_curl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
curl(1) Curl Manual curl(1)
NAME
curl - transfer a URL
SYNOPSIS
curl [options / URLs]
DESCRIPTION
curl is a tool to transfer data from or to a server, using one of the supported protocols (DICT, FILE, FTP,
FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMB, SMBS, SMTP,
SMTPS, TELNET and TFTP). The command is designed to work without user interaction.
curl offers a busload of useful tricks like proxy support, user authentication, FTP upload, HTTP post, SSL con‐
nections, cookies, file transfer resume, Metalink, and more. As you will see below, the number of features will
make your head spin!
curl is powered by libcurl for all transfer-related features. See libcurl(3) for details.
URL
The URL syntax is protocol-dependent. You'll find a detailed description in RFC 3986.
You can specify multiple URLs or parts of URLs by writing part sets within braces as in:
http://site.{one,two,three}.com
or you can get sequences of alphanumeric series by using [] as in:
ftp://ftp.example.com/file[1-100].txt
ftp://ftp.example.com/file[001-100].txt (with leading zeros)
ftp://ftp.example.com/file[a-z].txt
Nested sequences are not supported, but you can use several ones next to each other:
http://example.com/archive[1996-1999]/vol[1-4]/part{a,b,c}.html
You can specify any amount of URLs on the command line. They will be fetched in a sequential manner in the
specified order. You can specify command line options and URLs mixed and in any order on the command line.
You can specify a step counter for the ranges to get every Nth number or letter:
http://example.com/file[1-100:10].txt
http://example.com/file[a-z:2].txt
When using [] or {} sequences when invoked from a command line prompt, you probably have to put the full URL
within double quotes to avoid the shell from interfering with it. This also goes for other characters treated
special, like for example '&', '?' and '*'.
Provide the IPv6 zone index in the URL with an escaped percentage sign and the interface name. Like in
http://[fe80::3%25eth0]/
If you specify URL without protocol:// prefix, curl will attempt to guess what protocol you might want. It will
then default to HTTP but try other protocols based on often-used host name prefixes. For example, for host
names starting with "ftp." curl will assume you want to speak FTP.
curl will do its best to use what you pass to it as a URL. It is not trying to validate it as a syntactically
correct URL by any means but is instead very liberal with what it accepts.
curl will attempt to re-use connections for multiple file transfers, so that getting many files from the same
server will not do multiple connects / handshakes. This improves speed. Of course this is only done on files
specified on a single command line and cannot be used between separate curl invokes.
PROGRESS METER
curl normally displays a progress meter during operations, indicating the amount of transferred data, transfer
speeds and estimated time left, etc. The progress meter displays number of bytes and the speeds are in bytes
per second. The suffixes (k, M, G, T, P) are 1024 based. For example 1k is 1024 bytes. 1M is 1048576 bytes.
curl displays this data to the terminal by default, so if you invoke curl to do an operation and it is about to
write data to the terminal, it disables the progress meter as otherwise it would mess up the output mixing
progress meter and response data.
If you want a progress meter for HTTP POST or PUT requests, you need to redirect the response output to a file,
using shell redirect (>), -o, --output or similar.
It is not the same case for FTP upload as that operation does not spit out any response data to the terminal.
If you prefer a progress "bar" instead of the regular meter, -#, --progress-bar is your friend. You can also
disable the progress meter completely with the -s, --silent option.
OPTIONS
Options start with one or two dashes. Many of the options require an additional value next to them.
The short "single-dash" form of the options, -d for example, may be used with or without a space between it and
its value, although a space is a recommended separator. The long "double-dash" form, -d, --data for example,
requires a space between it and its value.
Short version options that don't need any additional values can be used immediately next to each other, like
for example you can specify all the options -O, -L and -v at once as -OLv.
In general, all boolean options are enabled with --option and yet again disabled with --no-option. That is, you
use the exact same option name but prefix it with "no-". However, in this list we mostly only list and show the
--option version of them. (This concept with --no options was added in 7.19.0. Previously most options were
toggled on/off on repeated use of the same command line option.)
--abstract-unix-socket <path>
(HTTP) Connect through an abstract Unix domain socket, instead of using the network. Note: netstat
shows the path of an abstract socket prefixed with '@', however the <path> argument should not have this
leading character.
Added in 7.53.0.
--anyauth
(HTTP) Tells curl to figure out authentication method by itself, and use the most secure one the remote
site claims to support. This is done by first doing a request and checking the response-headers, thus
possibly inducing an extra network round-trip. This is used instead of setting a specific authentication
method, which you can do with --basic, --digest, --ntlm, and --negotiate.
Using --anyauth is not recommended if you do uploads from stdin, since it may require data to be sent
twice and then the client must be able to rewind. If the need should arise when uploading from stdin,
the upload operation will fail.
Used together with -u, --user.
See also --proxy-anyauth and --basic and --digest.
-a, --append
(FTP SFTP) When used in an upload, this makes curl append to the target file instead of overwriting it.
If the remote file doesn't exist, it will be created. Note that this flag is ignored by some SFTP
servers (including OpenSSH).
--basic
(HTTP) Tells curl to use HTTP Basic authentication with the remote host. This is the default and this
option is usually pointless, unless you use it to override a previously set option that sets a different
authentication method (such as --ntlm, --digest, or --negotiate).
Used together with -u, --user.
See also --proxy-basic.
--cacert <file>
(TLS) Tells curl to use the specified certificate file to verify the peer. The file may contain multiple
CA certificates. The certificate(s) must be in PEM format. Normally curl is built to use a default file
for this, so this option is typically used to alter that default file.
curl recognizes the environment variable named 'CURL_CA_BUNDLE' if it is set, and uses the given path as
a path to a CA cert bundle. This option overrides that variable.
The windows version of curl will automatically look for a CA certs file named 'curl-ca-bundle.crt',
either in the same directory as curl.exe, or in the Current Working Directory, or in any folder along
your PATH.
If curl is built against the NSS SSL library, the NSS PEM PKCS#11 module (libnsspem.so) needs to be
available for this option to work properly.
(iOS and macOS only) If curl is built against Secure Transport, then this option is supported for back‐
ward compatibility with other SSL engines, but it should not be set. If the option is not set, then curl
will use the certificates in the system and user Keychain to verify the peer, which is the preferred
method of verifying the peer's certificate chain.
(Schannel/WinSSL only) This option is supported for WinSSL in Windows 7 or later with libcurl 7.60 or
later. This option is supported for backward compatibility with other SSL engines; instead it is recom‐
mended to use Windows' store of root certificates (the default for WinSSL).
If this option is used several times, the last one will be used.
--capath <dir>
(TLS) Tells curl to use the specified certificate directory to verify the peer. Multiple paths can be
provided by separating them with ":" (e.g. "path1:path2:path3"). The certificates must be in PEM for‐
mat, and if curl is built against OpenSSL, the directory must have been processed using the c_rehash
utility supplied with OpenSSL. Using --capath can allow OpenSSL-powered curl to make SSL-connections
much more efficiently than using --cacert if the --cacert file contains many CA certificates.
If this option is set, the default capath value will be ignored, and if it is used several times, the
last one will be used.
--cert-status
(TLS) Tells curl to verify the status of the server certificate by using the Certificate Status Request
(aka. OCSP stapling) TLS extension.
If this option is enabled and the server sends an invalid (e.g. expired) response, if the response sug‐
gests that the server certificate has been revoked, or no response at all is received, the verification
fails.
This is currently only implemented in the OpenSSL, GnuTLS and NSS backends.
Added in 7.41.0.
--cert-type <type>
(TLS) Tells curl what certificate type the provided certificate is in. PEM, DER and ENG are recognized
types. If not specified, PEM is assumed.
If this option is used several times, the last one will be used.
See also -E, --cert and --key and --key-type.
-E, --cert <certificate[:password]>
(TLS) Tells curl to use the specified client certificate file when getting a file with HTTPS, FTPS or
another SSL-based protocol. The certificate must be in PKCS#12 format if using Secure Transport, or PEM
format if using any other engine. If the optional password isn't specified, it will be queried for on
the terminal. Note that this option assumes a "certificate" file that is the private key and the client
certificate concatenated! See -E, --cert and --key to specify them independently.
If curl is built against the NSS SSL library then this option can tell curl the nickname of the certifi‐
cate to use within the NSS database defined by the environment variable SSL_DIR (or by default
/etc/pki/nssdb). If the NSS PEM PKCS#11 module (libnsspem.so) is available then PEM files may be loaded.
If you want to use a file from the current directory, please precede it with "./" prefix, in order to
avoid confusion with a nickname. If the nickname contains ":", it needs to be preceded by "\" so that
it is not recognized as password delimiter. If the nickname contains "\", it needs to be escaped as
"\\" so that it is not recognized as an escape character.
(iOS and macOS only) If curl is built against Secure Transport, then the certificate string can either
be the name of a certificate/private key in the system or user keychain, or the path to a
PKCS#12-encoded certificate and private key. If you want to use a file from the current directory,
please precede it with "./" prefix, in order to avoid confusion with a nickname.
(Schannel/WinSSL only) Client certificates must be specified by a path expression to a certificate
store. (Loading PFX is not supported; you can import it to a store first). You can use "<store loca‐
tion>\<store name>\<thumbprint>" to refer to a certificate in the system certificates store, for exam‐
ple, "CurrentUser\MY\934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a". Thumbprint is usually a SHA-1 hex string
which you can see in certificate details. Following store locations are supported: CurrentUser, LocalMa‐
chine, CurrentService, Services, CurrentUserGroupPolicy, LocalMachineGroupPolicy, LocalMachineEnter‐
prise.
If this option is used several times, the last one will be used.
See also --cert-type and --key and --key-type.
--ciphers <list of ciphers>
(TLS) Specifies which ciphers to use in the connection. The list of ciphers must specify valid ciphers.
Read up on SSL cipher list details on this URL:
https://curl.haxx.se/docs/ssl-ciphers.html
If this option is used several times, the last one will be used.
--compressed-ssh
(SCP SFTP) Enables built-in SSH compression. This is a request, not an order; the server may or may not
do it.
Added in 7.56.0.
--compressed
(HTTP) Request a compressed response using one of the algorithms curl supports, and save the uncom‐
pressed document. If this option is used and the server sends an unsupported encoding, curl will report
an error.
-K, --config <file>
Specify a text file to read curl arguments from. The command line arguments found in the text file will
be used as if they were provided on the command line.
Options and their parameters must be specified on the same line in the file, separated by whitespace,
colon, or the equals sign. Long option names can optionally be given in the config file without the ini‐
tial double dashes and if so, the colon or equals characters can be used as separators. If the option is
specified with one or two dashes, there can be no colon or equals character between the option and its
parameter.
If the parameter is to contain whitespace, the parameter must be enclosed within quotes. Within double
quotes, the following escape sequences are available: \\, \", \t, \n, \r and \v. A backslash preceding
any other letter is ignored. If the first column of a config line is a '#' character, the rest of the
line will be treated as a comment. Only write one option per physical line in the config file.
Specify the filename to -K, --config as '-' to make curl read the file from stdin.
Note that to be able to specify a URL in the config file, you need to specify it using the --url option,
and not by simply writing the URL on its own line. So, it could look similar to this:
url = "https://curl.haxx.se/docs/"
When curl is invoked, it (unless -q, --disable is used) checks for a default config file and uses it if
found. The default config file is checked for in the following places in this order:
1) curl tries to find the "home dir": It first checks for the CURL_HOME and then the HOME environment
variables. Failing that, it uses getpwuid() on Unix-like systems (which returns the home dir given the
current user in your system). On Windows, it then checks for the APPDATA variable, or as a last resort
the '%USERPROFILE%\Application Data'.
2) On windows, if there is no _curlrc file in the home dir, it checks for one in the same dir the curl
executable is placed. On Unix-like systems, it will simply try to load .curlrc from the determined home
dir.
# --- Example file ---
# this is a comment
url = "example.com"
output = "curlhere.html"
user-agent = "superagent/1.0"
# and fetch another URL too
url = "example.com/docs/manpage.html"
-O
referer = "http://nowhereatall.example.com/"
# --- End of example file ---
This option can be used multiple times to load multiple config files.
--connect-timeout <seconds>
Maximum time in seconds that you allow curl's connection to take. This only limits the connection
phase, so if curl connects within the given period it will continue - if not it will exit. Since ver‐
sion 7.32.0, this option accepts decimal values.
If this option is used several times, the last one will be used.
See also -m, --max-time.
--connect-to <HOST1:PORT1:HOST2:PORT2>
For a request to the given HOST1:PORT1 pair, connect to HOST2:PORT2 instead. This option is suitable to
direct requests at a specific server, e.g. at a specific cluster node in a cluster of servers. This
option is only used to establish the network connection. It does NOT affect the hostname/port that is
used for TLS/SSL (e.g. SNI, certificate verification) or for the application protocols. "HOST1" and
"PORT1" may be the empty string, meaning "any host/port". "HOST2" and "PORT2" may also be the empty
string, meaning "use the request's original host/port".
A "host" specified to this option is compared as a string, so it needs to match the name used in request
URL. It can be either numerical such as "127.0.0.1" or the full host name such as "example.org".
This option can be used many times to add many connect rules.
See also --resolve and -H, --header. Added in 7.49.0.
-C, --continue-at <offset>
Continue/Resume a previous file transfer at the given offset. The given offset is the exact number of
bytes that will be skipped, counting from the beginning of the source file before it is transferred to
the destination. If used with uploads, the FTP server command SIZE will not be used by curl.
Use "-C -" to tell curl to automatically find out where/how to resume the transfer. It then uses the
given output/input files to figure that out.
If this option is used several times, the last one will be used.
See also -r, --range.
-c, --cookie-jar <filename>
(HTTP) Specify to which file you want curl to write all cookies after a completed operation. Curl writes
all cookies from its in-memory cookie storage to the given file at the end of operations. If no cookies
are known, no data will be written. The file will be written using the Netscape cookie file format. If
you set the file name to a single dash, "-", the cookies will be written to stdout.
This command line option will activate the cookie engine that makes curl record and use cookies. Another
way to activate it is to use the -b, --cookie option.
If the cookie jar can't be created or written to, the whole curl operation won't fail or even report an
error clearly. Using -v, --verbose will get a warning displayed, but that is the only visible feedback
you get about this possibly lethal situation.
If this option is used several times, the last specified file name will be used.
-b, --cookie <data>
(HTTP) Pass the data to the HTTP server in the Cookie header. It is supposedly the data previously
received from the server in a "Set-Cookie:" line. The data should be in the format "NAME1=VALUE1;
NAME2=VALUE2".
If no '=' symbol is used in the argument, it is instead treated as a filename to read previously stored
cookie from. This option also activates the cookie engine which will make curl record incoming cookies,
which may be handy if you're using this in combination with the -L, --location option or do multiple URL
transfers on the same invoke. If the file name is exactly a minus ("-"), curl will instead the contents
from stdin.
The file format of the file to read cookies from should be plain HTTP headers (Set-Cookie style) or the
Netscape/Mozilla cookie file format.
The file specified with -b, --cookie is only used as input. No cookies will be written to the file. To
store cookies, use the -c, --cookie-jar option.
Exercise caution if you are using this option and multiple transfers may occur. If you use the
NAME1=VALUE1; format, or in a file use the Set-Cookie format and don't specify a domain, then the cookie
is sent for any domain (even after redirects are followed) and cannot be modified by a server-set
cookie. If the cookie engine is enabled and a server sets a cookie of the same name then both will be
sent on a future transfer to that server, likely not what you intended. To address these issues set a
domain in Set-Cookie (doing that will include sub domains) or use the Netscape format.
If this option is used several times, the last one will be used.
Users very often want to both read cookies from a file and write updated cookies back to a file, so
using both -b, --cookie and -c, --cookie-jar in the same command line is common.
--create-dirs
When used in conjunction with the -o, --output option, curl will create the necessary local directory
hierarchy as needed. This option creates the dirs mentioned with the -o, --output option, nothing else.
If the --output file name uses no dir or if the dirs it mentions already exist, no dir will be created.
To create remote directories when using FTP or SFTP, try --ftp-create-dirs.
--crlf (FTP SMTP) Convert LF to CRLF in upload. Useful for MVS (OS/390).
(SMTP added in 7.40.0)
--crlfile <file>
(TLS) Provide a file using PEM format with a Certificate Revocation List that may specify peer certifi‐
cates that are to be considered revoked.
If this option is used several times, the last one will be used.
Added in 7.19.7.
--data-ascii <data>
(HTTP) This is just an alias for -d, --data.
--data-binary <data>
(HTTP) This posts data exactly as specified with no extra processing whatsoever.
If you start the data with the letter @, the rest should be a filename. Data is posted in a similar
manner as -d, --data does, except that newlines and carriage returns are preserved and conversions are
never done.
If this option is used several times, the ones following the first will append data as described in -d,
--data.
--data-raw <data>
(HTTP) This posts data similarly to -d, --data but without the special interpretation of the @ charac‐
ter.
See also -d, --data. Added in 7.43.0.
--data-urlencode <data>
(HTTP) This posts data, similar to the other -d, --data options with the exception that this performs
URL-encoding.
To be CGI-compliant, the <data> part should begin with a name followed by a separator and a content
specification. The <data> part can be passed to curl using one of the following syntaxes:
content
This will make curl URL-encode the content and pass that on. Just be careful so that the content
doesn't contain any = or @ symbols, as that will then make the syntax match one of the other
cases below!
=content
This will make curl URL-encode the content and pass that on. The preceding = symbol is not
included in the data.
name=content
This will make curl URL-encode the content part and pass that on. Note that the name part is
expected to be URL-encoded already.
@filename
This will make curl load data from the given file (including any newlines), URL-encode that data
and pass it on in the POST.
name@filename
This will make curl load data from the given file (including any newlines), URL-encode that data
and pass it on in the POST. The name part gets an equal sign appended, resulting in name=urlen‐
coded-file-content. Note that the name is expected to be URL-encoded already.
See also -d, --data and --data-raw. Added in 7.18.0.
-d, --data <data>
(HTTP) Sends the specified data in a POST request to the HTTP server, in the same way that a browser
does when a user has filled in an HTML form and presses the submit button. This will cause curl to pass
the data to the server using the content-type application/x-www-form-urlencoded. Compare to -F, --form.
--data-raw is almost the same but does not have a special interpretation of the @ character. To post
data purely binary, you should instead use the --data-binary option. To URL-encode the value of a form
field you may use --data-urlencode.
If any of these options is used more than once on the same command line, the data pieces specified will
be merged together with a separating &-symbol. Thus, using '-d name=daniel -d skill=lousy' would gener‐
ate a post chunk that looks like 'name=daniel&skill=lousy'.
If you start the data with the letter @, the rest should be a file name to read the data from, or - if
you want curl to read the data from stdin. Multiple files can also be specified. Posting data from a
file named from a file like that, carriage returns and newlines will be stripped out. If you don't want
the @ character to have a special interpretation use --data-raw instead.
See also --data-binary and --data-urlencode and --data-raw. This option overrides -F, --form and -I,
--head and --upload.
--delegation <LEVEL>
(GSS/kerberos) Set LEVEL to tell the server what it is allowed to delegate when it comes to user creden‐
tials.
none Don't allow any delegation.
policy Delegates if and only if the OK-AS-DELEGATE flag is set in the Kerberos service ticket, which is
a matter of realm policy.
always Unconditionally allow the server to delegate.
--digest
(HTTP) Enables HTTP Digest authentication. This is an authentication scheme that prevents the password
from being sent over the wire in clear text. Use this in combination with the normal -u, --user option
to set user name and password.
If this option is used several times, only the first one is used.
See also -u, --user and --proxy-digest and --anyauth. This option overrides --basic and --ntlm and
--negotiate.
--disable-eprt
(FTP) Tell curl to disable the use of the EPRT and LPRT commands when doing active FTP transfers. Curl
will normally always first attempt to use EPRT, then LPRT before using PORT, but with this option, it
will use PORT right away. EPRT and LPRT are extensions to the original FTP protocol, and may not work on
all servers, but they enable more functionality in a better way than the traditional PORT command.
--eprt can be used to explicitly enable EPRT again and --no-eprt is an alias for --disable-eprt.
If the server is accessed using IPv6, this option will have no effect as EPRT is necessary then.
Disabling EPRT only changes the active behavior. If you want to switch to passive mode you need to not
use -P, --ftp-port or force it with --ftp-pasv.
--disable-epsv
(FTP) (FTP) Tell curl to disable the use of the EPSV command when doing passive FTP transfers. Curl will
normally always first attempt to use EPSV before PASV, but with this option, it will not try using EPSV.
--epsv can be used to explicitly enable EPSV again and --no-epsv is an alias for --disable-epsv.
If the server is an IPv6 host, this option will have no effect as EPSV is necessary then.
Disabling EPSV only changes the passive behavior. If you want to switch to active mode you need to use
-P, --ftp-port.
-q, --disable
If used as the first parameter on the command line, the curlrc config file will not be read and used.
See the -K, --config for details on the default config file search path.
--dns-interface <interface>
(DNS) Tell curl to send outgoing DNS requests through <interface>. This option is a counterpart to
--interface (which does not affect DNS). The supplied string must be an interface name (not an address).
See also --dns-ipv4-addr and --dns-ipv6-addr. --dns-interface requires that the underlying libcurl was
built to support c-ares. Added in 7.33.0.
--dns-ipv4-addr <address>
(DNS) Tell curl to bind to <ip-address> when making IPv4 DNS requests, so that the DNS requests origi‐
nate from this address. The argument should be a single IPv4 address.
See also --dns-interface and --dns-ipv6-addr. --dns-ipv4-addr requires that the underlying libcurl was
built to support c-ares. Added in 7.33.0.
--dns-ipv6-addr <address>
(DNS) Tell curl to bind to <ip-address> when making IPv6 DNS requests, so that the DNS requests origi‐
nate from this address. The argument should be a single IPv6 address.
See also --dns-interface and --dns-ipv4-addr. --dns-ipv6-addr requires that the underlying libcurl was
built to support c-ares. Added in 7.33.0.
--dns-servers <addresses>
Set the list of DNS servers to be used instead of the system default. The list of IP addresses should
be separated with commas. Port numbers may also optionally be given as :<port-number> after each IP
address.
--dns-servers requires that the underlying libcurl was built to support c-ares. Added in 7.33.0.
-D, --dump-header <filename>
(HTTP FTP) Write the received protocol headers to the specified file.
This option is handy to use when you want to store the headers that an HTTP site sends to you. Cookies
from the headers could then be read in a second curl invocation by using the -b, --cookie option! The
-c, --cookie-jar option is a better way to store cookies.
When used in FTP, the FTP server response lines are considered being "headers" and thus are saved there.
If this option is used several times, the last one will be used.
See also -o, --output.
--egd-file <file>
(TLS) Specify the path name to the Entropy Gathering Daemon socket. The socket is used to seed the ran‐
dom engine for SSL connections.
See also --random-file.
--engine <name>
(TLS) Select the OpenSSL crypto engine to use for cipher operations. Use --engine list to print a list
of build-time supported engines. Note that not all (or none) of the engines may be available at run-
time.
--expect100-timeout <seconds>
(HTTP) Maximum time in seconds that you allow curl to wait for a 100-continue response when curl emits
an Expects: 100-continue header in its request. By default curl will wait one second. This option
accepts decimal values! When curl stops waiting, it will continue as if the response has been received.
See also --connect-timeout. Added in 7.47.0.
--fail-early
Fail and exit on the first detected transfer error.
When curl is used to do multiple transfers on the command line, it will attempt to operate on each given
URL, one by one. By default, it will ignore errors if there are more URLs given and the last URL's suc‐
cess will determine the error code curl returns. So early failures will be "hidden" by subsequent suc‐
cessful transfers.
Using this option, curl will instead return an error on the first transfer that fails, independent of
the amount of URLs that are given on the command line. This way, no transfer failures go undetected by
scripts and similar.
This option is global and does not need to be specified for each use of -:, --next.
This option does not imply -f, --fail, which causes transfers to fail due to the server's HTTP status
code. You can combine the two options, however note -f, --fail is not global and is therefore contained
by -:, --next.
Added in 7.52.0.
-f, --fail
(HTTP) Fail silently (no output at all) on server errors. This is mostly done to better enable scripts
etc to better deal with failed attempts. In normal cases when an HTTP server fails to deliver a docu‐
ment, it returns an HTML document stating so (which often also describes why and more). This flag will
prevent curl from outputting that and return error 22.
This method is not fail-safe and there are occasions where non-successful response codes will slip
through, especially when authentication is involved (response codes 401 and 407).
--false-start
(TLS) Tells curl to use false start during the TLS handshake. False start is a mode where a TLS client
will start sending application data before verifying the server's Finished message, thus saving a round
trip when performing a full handshake.
This is currently only implemented in the NSS and Secure Transport (on iOS 7.0 or later, or OS X 10.9 or
later) backends.
Added in 7.42.0.
--form-string <name=string>
(HTTP SMTP IMAP) Similar to -F, --form except that the value string for the named parameter is used lit‐
erally. Leading '@' and '<' characters, and the ';type=' string in the value have no special meaning.
Use this in preference to -F, --form if there's any possibility that the string value may accidentally
trigger the '@' or '<' features of -F, --form.
See also -F, --form.
-F, --form <name=content>
(HTTP SMTP IMAP) For HTTP protocol family, this lets curl emulate a filled-in form in which a user has
pressed the submit button. This causes curl to POST data using the Content-Type multipart/form-data
according to RFC 2388.
For SMTP and IMAP protocols, this is the mean to compose a multipart mail message to transmit.
This enables uploading of binary files etc. To force the 'content' part to be a file, prefix the file
name with an @ sign. To just get the content part from a file, prefix the file name with the symbol <.
The difference between @ and < is then that @ makes a file get attached in the post as a file upload,
while the < makes a text field and just get the contents for that text field from a file.
Tell curl to read content from stdin instead of a file by using - as filename. This goes for both @ and
< constructs. When stdin is used, the contents is buffered in memory first by curl to determine its size
and allow a possible resend. Defining a part's data from a named non-regular file (such as a named pipe
or similar) is unfortunately not subject to buffering and will be effectively read at transmission time;
since the full size is unknown before the transfer starts, such data is sent as chunks by HTTP and
rejected by IMAP.
Example: send an image to an HTTP server, where 'profile' is the name of the form-field to which the
file portrait.jpg will be the input:
curl -F [email protected] https://example.com/upload.cgi
Example: send a your name and shoe size in two text fields to the server:
curl -F name=John -F shoesize=11 https://example.com/
Example: send a your essay in a text field to the server. Send it as a plain text field, but get the
contents for it from a local file:
curl -F "story=<hugefile.txt" https://example.com/
You can also tell curl what Content-Type to use by using 'type=', in a manner similar to:
curl -F "[email protected];type=text/html" example.com
or
curl -F "name=daniel;type=text/foo" example.com
You can also explicitly change the name field of a file upload part by setting filename=, like this:
curl -F "file=@localfile;filename=nameinpost" example.com
If filename/path contains ',' or ';', it must be quoted by double-quotes like:
curl -F "file=@\"localfile\";filename=\"nameinpost\"" example.com
or
curl -F 'file=@"localfile";filename="nameinpost"' example.com
Note that if a filename/path is quoted by double-quotes, any double-quote or backslash within the file‐
name must be escaped by backslash.
Quoting must also be applied to non-file data if it contains semicolons, leading/trailing spaces or
leading double quotes:
curl -F 'colors="red; green; blue";type=text/x-myapp' example.com
You can add custom headers to the field by setting headers=, like
curl -F "submit=OK;headers=\"X-submit-type: OK\"" example.com
or
curl -F "submit=OK;headers=@headerfile" example.com
The headers= keyword may appear more that once and above notes about quoting apply. When headers are
read from a file, Empty lines and lines starting with '#' are comments and ignored; each header can be
folded by splitting between two words and starting the continuation line with a space; embedded car‐
riage-returns and trailing spaces are stripped. Here is an example of a header file contents:
# This file contain two headers.
X-header-1: this is a header
# The following header is folded.
X-header-2: this is
another header
To support sending multipart mail messages, the syntax is extended as follows:
- name can be omitted: the equal sign is the first character of the argument,
- if data starts with '(', this signals to start a new multipart: it can be followed by a content type
specification.
- a multipart can be terminated with a '=)' argument.
Example: the following command sends an SMTP mime e-mail consisting in an inline part in two alternative
formats: plain text and HTML. It attaches a text file:
curl -F '=(;type=multipart/alternative' \
-F '=plain text message' \
-F '= <body>HTML message</body>;type=text/html' \
-F '=)' -F '[email protected]' ... smtp://example.com
Data can be encoded for transfer using encoder=. Available encodings are binary and 8bit that do nothing
else than adding the corresponding Content-Transfer-Encoding header, 7bit that only rejects 8-bit char‐
acters with a transfer error, quoted-printable and base64 that encodes data according to the correspond‐
ing schemes, limiting lines length to 76 characters.
Example: send multipart mail with a quoted-printable text message and a base64 attached file:
curl -F '=text message;encoder=quoted-printable' \
-F '=@localfile;encoder=base64' ... smtp://example.com
See further examples and details in the MANUAL.
This option can be used multiple times.
This option overrides -d, --data and -I, --head and --upload.
--ftp-account <data>
(FTP) When an FTP server asks for "account data" after user name and password has been provided, this
data is sent off using the ACCT command.
If this option is used several times, the last one will be used.
Added in 7.13.0.
--ftp-alternative-to-user <command>
(FTP) If authenticating with the USER and PASS commands fails, send this command. When connecting to
Tumbleweed's Secure Transport server over FTPS using a client certificate, using "SITE AUTH" will tell
the server to retrieve the username from the certificate.
Added in 7.15.5.
--ftp-create-dirs
(FTP SFTP) When an FTP or SFTP URL/operation uses a path that doesn't currently exist on the server, the
standard behavior of curl is to fail. Using this option, curl will instead attempt to create missing
directories.
See also --create-dirs.
--ftp-method <method>
(FTP) Control what method curl should use to reach a file on an FTP(S) server. The method argument
should be one of the following alternatives:
multicwd
curl does a single CWD operation for each path part in the given URL. For deep hierarchies this
means very many commands. This is how RFC 1738 says it should be done. This is the default but
the slowest behavior.
nocwd curl does no CWD at all. curl will do SIZE, RETR, STOR etc and give a full path to the server for
all these commands. This is the fastest behavior.
singlecwd
curl does one CWD with the full target directory and then operates on the file "normally" (like
in the multicwd case). This is somewhat more standards compliant than 'nocwd' but without the
full penalty of 'multicwd'.
Added in 7.15.1.
--ftp-pasv
(FTP) Use passive mode for the data connection. Passive is the internal default behavior, but using this
option can be used to override a previous -P, --ftp-port option.
If this option is used several times, only the first one is used. Undoing an enforced passive really
isn't doable but you must then instead enforce the correct -P, --ftp-port again.
Passive mode means that curl will try the EPSV command first and then PASV, unless --disable-epsv is
used.
See also --disable-epsv. Added in 7.11.0.
-P, --ftp-port <address>
(FTP) Reverses the default initiator/listener roles when connecting with FTP. This option makes curl use
active mode. curl then tells the server to connect back to the client's specified address and port,
while passive mode asks the server to setup an IP address and port for it to connect to. <address>
should be one of:
interface
e.g. "eth0" to specify which interface's IP address you want to use (Unix only)
IP address
e.g. "192.168.10.1" to specify the exact IP address
host name
e.g. "my.host.domain" to specify the machine
- make curl pick the same IP address that is already used for the control connection
If this option is used several times, the last one will be used. Disable the use of PORT with --ftp-pasv. Dis‐
able the attempt to use the EPRT command instead of PORT by using --disable-eprt. EPRT is really PORT++.
Since 7.19.5, you can append ":[start]-[end]" to the right of the address, to tell curl what TCP port range to
use. That means you specify a port range, from a lower to a higher number. A single number works as well, but
do note that it increases the risk of failure since the port may not be available.
See also --ftp-pasv and --disable-eprt.
--ftp-pret
(FTP) Tell curl to send a PRET command before PASV (and EPSV). Certain FTP servers, mainly drftpd,
require this non-standard command for directory listings as well as up and downloads in PASV mode.
Added in 7.20.0.
--ftp-skip-pasv-ip
(FTP) Tell curl to not use the IP address the server suggests in its response to curl's PASV command
when curl connects the data connection. Instead curl will re-use the same IP address it already uses for
the control connection.
This option has no effect if PORT, EPRT or EPSV is used instead of PASV.
See also --ftp-pasv. Added in 7.14.2.
--ftp-ssl-ccc-mode <active/passive>
(FTP) Sets the CCC mode. The passive mode will not initiate the shutdown, but instead wait for the
server to do it, and will not reply to the shutdown from the server. The active mode initiates the shut‐
down and waits for a reply from the server.
See also --ftp-ssl-ccc. Added in 7.16.2.
--ftp-ssl-ccc
(FTP) Use CCC (Clear Command Channel) Shuts down the SSL/TLS layer after authenticating. The rest of the
control channel communication will be unencrypted. This allows NAT routers to follow the FTP transac‐
tion. The default mode is passive.
See also --ssl and --ftp-ssl-ccc-mode. Added in 7.16.1.
--ftp-ssl-control
(FTP) Require SSL/TLS for the FTP login, clear for transfer. Allows secure authentication, but non-
encrypted data transfers for efficiency. Fails the transfer if the server doesn't support SSL/TLS.
Added in 7.16.0.
-G, --get
When used, this option will make all data specified with -d, --data, --data-binary or --data-urlencode
to be used in an HTTP GET request instead of the POST request that otherwise would be used. The data
will be appended to the URL with a '?' separator.
If used in combination with -I, --head, the POST data will instead be appended to the URL with a HEAD
request.
If this option is used several times, only the first one is used. This is because undoing a GET doesn't
make sense, but you should then instead enforce the alternative method you prefer.
-g, --globoff
This option switches off the "URL globbing parser". When you set this option, you can specify URLs that
contain the letters {}[] without having them being interpreted by curl itself. Note that these letters
are not normal legal URL contents but they should be encoded according to the URI standard.
--happy-eyeballs-timeout-ms <milliseconds>
Happy eyeballs is an algorithm that attempts to connect to both IPv4 and IPv6 addresses for dual-stack
hosts, preferring IPv6 first for the number of milliseconds. If the IPv6 address cannot be connected to
within that time then a connection attempt is made to the IPv4 address in parallel. The first connection
to be established is the one that is used.
The range of suggested useful values is limited. Happy Eyeballs RFC 6555 says "It is RECOMMENDED that
connection attempts be paced 150-250 ms apart to balance human factors against network load." libcurl
currently defaults to 200 ms. Firefox and Chrome currently default to 300 ms.
If this option is used several times, the last one will be used.
Added in 7.59.0.
--haproxy-protocol
(HTTP) Send a HAProxy PROXY protocol header at the beginning of the connection. This is used by some
load balancers and reverse proxies to indicate the client's true IP address and port.
This option is primarily useful when sending test requests to a service that expects this header.
Added in 7.60.0.
-I, --head
(HTTP FTP FILE) Fetch the headers only! HTTP-servers feature the command HEAD which this uses to get
nothing but the header of a document. When used on an FTP or FILE file, curl displays the file size and
last modification time only.
-H, --header <header/@file>
(HTTP) Extra header to include in the request when sending HTTP to a server. You may specify any number
of extra headers. Note that if you should add a custom header that has the same name as one of the
internal ones curl would use, your externally set header will be used instead of the internal one. This
allows you to make even trickier stuff than curl would normally do. You should not replace internally
set headers without knowing perfectly well what you're doing. Remove an internal header by giving a
replacement without content on the right side of the colon, as in: -H "Host:". If you send the custom
header with no-value then its header must be terminated with a semicolon, such as -H "X-Custom-Header;"
to send "X-Custom-Header:".
curl will make sure that each header you add/replace is sent with the proper end-of-line marker, you
should thus not add that as a part of the header content: do not add newlines or carriage returns, they
will only mess things up for you.
Starting in 7.55.0, this option can take an argument in @filename style, which then adds a header for
each line in the input file. Using @- will make curl read the header file from stdin.
See also the -A, --user-agent and -e, --referer options.
Starting in 7.37.0, you need --proxy-header to send custom headers intended for a proxy.
Example:
curl -H "X-First-Name: Joe" http://example.com/
WARNING: headers set with this option will be set in all requests - even after redirects are followed,
like when told with -L, --location. This can lead to the header being sent to other hosts than the orig‐
inal host, so sensitive headers should be used with caution combined with following redirects.
This option can be used multiple times to add/replace/remove multiple headers.
-h, --help
Usage help. This lists all current command line options with a short description.
--hostpubmd5 <md5>
(SFTP SCP) Pass a string containing 32 hexadecimal digits. The string should be the 128 bit MD5 checksum
of the remote host's public key, curl will refuse the connection with the host unless the md5sums match.
Added in 7.17.1.
-0, --http1.0
(HTTP) Tells curl to use HTTP version 1.0 instead of using its internally preferred HTTP version.
This option overrides --http1.1 and --http2.
--http1.1
(HTTP) Tells curl to use HTTP version 1.1.
This option overrides -0, --http1.0 and --http2. Added in 7.33.0.
--http2-prior-knowledge
(HTTP) Tells curl to issue its non-TLS HTTP requests using HTTP/2 without HTTP/1.1 Upgrade. It requires
prior knowledge that the server supports HTTP/2 straight away. HTTPS requests will still do HTTP/2 the
standard way with negotiated protocol version in the TLS handshake.
--http2-prior-knowledge requires that the underlying libcurl was built to support HTTP/2. This option
overrides --http1.1 and -0, --http1.0 and --http2. Added in 7.49.0.
--http2
(HTTP) Tells curl to use HTTP version 2.
See also --no-alpn. --http2 requires that the underlying libcurl was built to support HTTP/2. This
option overrides --http1.1 and -0, --http1.0 and --http2-prior-knowledge. Added in 7.33.0.
--ignore-content-length
(FTP HTTP) For HTTP, Ignore the Content-Length header. This is particularly useful for servers running
Apache 1.x, which will report incorrect Content-Length for files larger than 2 gigabytes.
For FTP (since 7.46.0), skip the RETR command to figure out the size before downloading a file.
-i, --include
Include the HTTP response headers in the output. The HTTP response headers can include things like
server name, cookies, date of the document, HTTP version and more...
To view the request headers, consider the -v, --verbose option.
See also -v, --verbose.
-k, --insecure
(TLS) By default, every SSL connection curl makes is verified to be secure. This option allows curl to
proceed and operate even for server connections otherwise considered insecure.
The server connection is verified by making sure the server's certificate contains the right name and
verifies successfully using the cert store.
See this online resource for further details:
https://curl.haxx.se/docs/sslcerts.html
See also --proxy-insecure and --cacert.
--interface <name>
Perform an operation using a specified interface. You can enter interface name, IP address or host name.
An example could look like:
curl --interface eth0:1 https://www.example.com/
If this option is used several times, the last one will be used.
On Linux it can be used to specify a VRF, but the binary needs to either have CAP_NET_RAW or to be run
as root. More information about Linux VRF: https://www.kernel.org/doc/Documentation/networking/vrf.txt
See also --dns-interface.
-4, --ipv4
This option tells curl to resolve names to IPv4 addresses only, and not for example try IPv6.
See also --http1.1 and --http2. This option overrides -6, --ipv6.
-6, --ipv6
This option tells curl to resolve names to IPv6 addresses only, and not for example try IPv4.
See also --http1.1 and --http2. This option overrides -6, --ipv6.
-j, --junk-session-cookies
(HTTP) When curl is told to read cookies from a given file, this option will make it discard all "ses‐
sion cookies". This will basically have the same effect as if a new session is started. Typical browsers