-
Notifications
You must be signed in to change notification settings - Fork 4
/
curl.txt
4351 lines (2883 loc) · 208 KB
/
curl.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
curl(1) curl Manual curl(1)
NAME
curl - transfer a URL
SYNOPSIS
curl [options / URLs]
DESCRIPTION
curl is a tool for transferring data from or to a server. It supports these protocols: DICT, FILE, FTP, FTPS, GO‐
PHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS,
SMTP, SMTPS, TELNET or TFTP. The command is designed to work without user interaction.
curl offers a busload of useful tricks like proxy support, user authentication, FTP upload, HTTP post, SSL connec‐
tions, cookies, file transfer resume and more. As you will see below, the number of features will make your head
spin.
curl is powered by libcurl for all transfer-related features. See libcurl(3) for details.
URL
The URL syntax is protocol-dependent. You find a detailed description in RFC 3986.
You can specify multiple URLs or parts of URLs by writing part sets within braces and quoting the URL as in:
"http://site.{one,two,three}.com"
or you can get sequences of alphanumeric series by using [] as in:
"ftp://ftp.example.com/file[1-100].txt"
"ftp://ftp.example.com/file[001-100].txt" (with leading zeros)
"ftp://ftp.example.com/file[a-z].txt"
Nested sequences are not supported, but you can use several ones next to each other:
"http://example.com/archive[1996-1999]/vol[1-4]/part{a,b,c}.html"
You can specify any amount of URLs on the command line. They will be fetched in a sequential manner in the specified
order. You can specify command line options and URLs mixed and in any order on the command line.
You can specify a step counter for the ranges to get every Nth number or letter:
"http://example.com/file[1-100:10].txt"
"http://example.com/file[a-z:2].txt"
When using [] or {} sequences when invoked from a command line prompt, you probably have to put the full URL within
double quotes to avoid the shell from interfering with it. This also goes for other characters treated special, like
for example '&', '?' and '*'.
Provide the IPv6 zone index in the URL with an escaped percentage sign and the interface name. Like in
"http://[fe80::3%25eth0]/"
If you specify URL without protocol:// prefix, curl will attempt to guess what protocol you might want. It will then
default to HTTP but try other protocols based on often-used host name prefixes. For example, for host names starting
with "ftp." curl will assume you want to speak FTP.
curl will do its best to use what you pass to it as a URL. It is not trying to validate it as a syntactically cor‐
rect URL by any means but is fairly liberal with what it accepts.
curl will attempt to re-use connections for multiple file transfers, so that getting many files from the same server
will not do multiple connects / handshakes. This improves speed. Of course this is only done on files specified on a
single command line and cannot be used between separate curl invocations.
OUTPUT
If not told otherwise, curl writes the received data to stdout. It can be instructed to instead save that data into
a local file, using the --output or --remote-name options. If curl is given multiple URLs to transfer on the command
line, it similarly needs multiple options for where to save them.
curl does not parse or otherwise "understand" the content it gets or writes as output. It does no encoding or decod‐
ing, unless explicitly asked to with dedicated command line options.
PROTOCOLS
curl supports numerous protocols, or put in URL terms: schemes. Your particular build may not support them all.
DICT Lets you lookup words using online dictionaries.
FILE Read or write local files. curl does not support accessing file:// URL remotely, but when running on Micro‐
soft Windows using the native UNC approach will work.
FTP(S) curl supports the File Transfer Protocol with a lot of tweaks and levers. With or without using TLS.
GOPHER(S)
Retrieve files.
HTTP(S)
curl supports HTTP with numerous options and variations. It can speak HTTP version 0.9, 1.0, 1.1, 2 and 3 de‐
pending on build options and the correct command line options.
IMAP(S)
Using the mail reading protocol, curl can "download" emails for you. With or without using TLS.
LDAP(S)
curl can do directory lookups for you, with or without TLS.
MQTT curl supports MQTT version 3. Downloading over MQTT equals "subscribe" to a topic while uploading/posting
equals "publish" on a topic. MQTT over TLS is not supported (yet).
POP3(S)
Downloading from a pop3 server means getting a mail. With or without using TLS.
RTMP(S)
The Realtime Messaging Protocol is primarily used to server streaming media and curl can download it.
RTSP curl supports RTSP 1.0 downloads.
SCP curl supports SSH version 2 scp transfers.
SFTP curl supports SFTP (draft 5) done over SSH version 2.
SMB(S) curl supports SMB version 1 for upload and download.
SMTP(S)
Uploading contents to an SMTP server means sending an email. With or without TLS.
TELNET Telling curl to fetch a telnet URL starts an interactive session where it sends what it reads on stdin and
outputs what the server sends it.
TFTP curl can do TFTP downloads and uploads.
PROGRESS METER
curl normally displays a progress meter during operations, indicating the amount of transferred data, transfer
speeds and estimated time left, etc. The progress meter displays number of bytes and the speeds are in bytes per
second. The suffixes (k, M, G, T, P) are 1024 based. For example 1k is 1024 bytes. 1M is 1048576 bytes.
curl displays this data to the terminal by default, so if you invoke curl to do an operation and it is about to
write data to the terminal, it disables the progress meter as otherwise it would mess up the output mixing progress
meter and response data.
If you want a progress meter for HTTP POST or PUT requests, you need to redirect the response output to a file, us‐
ing shell redirect (>), --output or similar.
This does not apply to FTP upload as that operation does not spit out any response data to the terminal.
If you prefer a progress "bar" instead of the regular meter, --progress-bar is your friend. You can also disable the
progress meter completely with the --silent option.
OPTIONS
Options start with one or two dashes. Many of the options require an additional value next to them.
The short "single-dash" form of the options, -d for example, may be used with or without a space between it and its
value, although a space is a recommended separator. The long "double-dash" form, --data for example, requires a
space between it and its value.
Short version options that do not need any additional values can be used immediately next to each other, like for
example you can specify all the options -O, -L and -v at once as -OLv.
In general, all boolean options are enabled with --option and yet again disabled with --no-option. That is, you use
the same option name but prefix it with "no-". However, in this list we mostly only list and show the --option ver‐
sion of them.
--abstract-unix-socket <path>
(HTTP) Connect through an abstract Unix domain socket, instead of using the network. Note: netstat shows the
path of an abstract socket prefixed with '@', however the <path> argument should not have this leading char‐
acter.
Example:
curl --abstract-unix-socket socketpath https://example.com
See also --unix-socket. Added in 7.53.0.
--alt-svc <file name>
(HTTPS) This option enables the alt-svc parser in curl. If the file name points to an existing alt-svc cache
file, that will be used. After a completed transfer, the cache will be saved to the file name again if it has
been modified.
Specify a "" file name (zero length) to avoid loading/saving and make curl just handle the cache in memory.
If this option is used several times, curl will load contents from all the files but the last one will be
used for saving.
Example:
curl --alt-svc svc.txt https://example.com
See also --resolve and --connect-to. Added in 7.64.1.
--anyauth
(HTTP) Tells curl to figure out authentication method by itself, and use the most secure one the remote site
claims to support. This is done by first doing a request and checking the response-headers, thus possibly in‐
ducing an extra network round-trip. This is used instead of setting a specific authentication method, which
you can do with --basic, --digest, --ntlm, and --negotiate.
Using --anyauth is not recommended if you do uploads from stdin, since it may require data to be sent twice
and then the client must be able to rewind. If the need should arise when uploading from stdin, the upload
operation will fail.
Used together with -u, --user.
Example:
curl --anyauth --user me:pwd https://example.com
See also --proxy-anyauth, --basic and --digest.
-a, --append
(FTP SFTP) When used in an upload, this makes curl append to the target file instead of overwriting it. If
the remote file does not exist, it will be created. Note that this flag is ignored by some SFTP servers (in‐
cluding OpenSSH).
Example:
curl --upload-file local --append ftp://example.com/
See also -r, --range and -C, --continue-at.
--aws-sigv4 <provider1[:provider2[:region[:service]]]>
Use AWS V4 signature authentication in the transfer.
The provider argument is a string that is used by the algorithm when creating outgoing authentication head‐
ers.
The region argument is a string that points to a geographic area of a resources collection (region-code) when
the region name is omitted from the endpoint.
The service argument is a string that points to a function provided by a cloud (service-code) when the ser‐
vice name is omitted from the endpoint.
Example:
curl --aws-sigv4 "aws:amz:east-2:es" --user "key:secret" https://example.com
See also --basic and -u, --user. Added in 7.75.0.
--basic
(HTTP) Tells curl to use HTTP Basic authentication with the remote host. This is the default and this option
is usually pointless, unless you use it to override a previously set option that sets a different authentica‐
tion method (such as --ntlm, --digest, or --negotiate).
Used together with -u, --user.
Example:
curl -u name:password --basic https://example.com
See also --proxy-basic.
--cacert <file>
(TLS) Tells curl to use the specified certificate file to verify the peer. The file may contain multiple CA
certificates. The certificate(s) must be in PEM format. Normally curl is built to use a default file for
this, so this option is typically used to alter that default file.
curl recognizes the environment variable named 'CURL_CA_BUNDLE' if it is set, and uses the given path as a
path to a CA cert bundle. This option overrides that variable.
The windows version of curl will automatically look for a CA certs file named 'curl-ca-bundle.crt', either in
the same directory as curl.exe, or in the Current Working Directory, or in any folder along your PATH.
If curl is built against the NSS SSL library, the NSS PEM PKCS#11 module (libnsspem.so) needs to be available
for this option to work properly.
(iOS and macOS only) If curl is built against Secure Transport, then this option is supported for backward
compatibility with other SSL engines, but it should not be set. If the option is not set, then curl will use
the certificates in the system and user Keychain to verify the peer, which is the preferred method of verify‐
ing the peer's certificate chain.
(Schannel only) This option is supported for Schannel in Windows 7 or later with libcurl 7.60 or later. This
option is supported for backward compatibility with other SSL engines; instead it is recommended to use Win‐
dows' store of root certificates (the default for Schannel).
If this option is used several times, the last one will be used.
Example:
curl --cacert CA-file.txt https://example.com
See also --capath and -k, --insecure.
--capath <dir>
(TLS) Tells curl to use the specified certificate directory to verify the peer. Multiple paths can be pro‐
vided by separating them with ":" (e.g. "path1:path2:path3"). The certificates must be in PEM format, and if
curl is built against OpenSSL, the directory must have been processed using the c_rehash utility supplied
with OpenSSL. Using --capath can allow OpenSSL-powered curl to make SSL-connections much more efficiently
than using --cacert if the --cacert file contains many CA certificates.
If this option is set, the default capath value will be ignored, and if it is used several times, the last
one will be used.
Example:
curl --capath /local/directory https://example.com
See also --cacert and -k, --insecure.
--cert-status
(TLS) Tells curl to verify the status of the server certificate by using the Certificate Status Request (aka.
OCSP stapling) TLS extension.
If this option is enabled and the server sends an invalid (e.g. expired) response, if the response suggests
that the server certificate has been revoked, or no response at all is received, the verification fails.
This is currently only implemented in the OpenSSL, GnuTLS and NSS backends.
Example:
curl --cert-status https://example.com
See also --pinnedpubkey. Added in 7.41.0.
--cert-type <type>
(TLS) Tells curl what type the provided client certificate is using. PEM, DER, ENG and P12 are recognized
types.
The default type depends on the TLS backend and is usually PEM, however for Secure Transport and Schannel it
is P12. If --cert is a pkcs11: URI then ENG is the default type.
If this option is used several times, the last one will be used.
Example:
curl --cert-type PEM --cert file https://example.com
See also -E, --cert, --key and --key-type.
-E, --cert <certificate[:password]>
(TLS) Tells curl to use the specified client certificate file when getting a file with HTTPS, FTPS or another
SSL-based protocol. The certificate must be in PKCS#12 format if using Secure Transport, or PEM format if us‐
ing any other engine. If the optional password is not specified, it will be queried for on the terminal. Note
that this option assumes a "certificate" file that is the private key and the client certificate concate‐
nated! See --cert and --key to specify them independently.
If curl is built against the NSS SSL library then this option can tell curl the nickname of the certificate
to use within the NSS database defined by the environment variable SSL_DIR (or by default /etc/pki/nssdb). If
the NSS PEM PKCS#11 module (libnsspem.so) is available then PEM files may be loaded. If you want to use a
file from the current directory, please precede it with "./" prefix, in order to avoid confusion with a nick‐
name. If the nickname contains ":", it needs to be preceded by "\" so that it is not recognized as password
delimiter. If the nickname contains "\", it needs to be escaped as "\\" so that it is not recognized as an
escape character.
If curl is built against OpenSSL library, and the engine pkcs11 is available, then a PKCS#11 URI (RFC 7512)
can be used to specify a certificate located in a PKCS#11 device. A string beginning with "pkcs11:" will be
interpreted as a PKCS#11 URI. If a PKCS#11 URI is provided, then the --engine option will be set as "pkcs11"
if none was provided and the --cert-type option will be set as "ENG" if none was provided.
(iOS and macOS only) If curl is built against Secure Transport, then the certificate string can either be the
name of a certificate/private key in the system or user keychain, or the path to a PKCS#12-encoded certifi‐
cate and private key. If you want to use a file from the current directory, please precede it with "./" pre‐
fix, in order to avoid confusion with a nickname.
(Schannel only) Client certificates must be specified by a path expression to a certificate store. (Loading
PFX is not supported; you can import it to a store first). You can use "<store location>\<store
name>\<thumbprint>" to refer to a certificate in the system certificates store, for example, "Curren‐
tUser\MY\934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a". Thumbprint is usually a SHA-1 hex string which you can
see in certificate details. Following store locations are supported: CurrentUser, LocalMachine, CurrentSer‐
vice, Services, CurrentUserGroupPolicy, LocalMachineGroupPolicy, LocalMachineEnterprise.
If this option is used several times, the last one will be used.
Example:
curl --cert certfile --key keyfile https://example.com
See also --cert-type, --key and --key-type.
--ciphers <list of ciphers>
(TLS) Specifies which ciphers to use in the connection. The list of ciphers must specify valid ciphers. Read
up on SSL cipher list details on this URL:
https://curl.se/docs/ssl-ciphers.html
If this option is used several times, the last one will be used.
Example:
curl --ciphers ECDHE-ECDSA-AES256-CCM8 https://example.com
See also --tlsv1.3.
--compressed-ssh
(SCP SFTP) Enables built-in SSH compression. This is a request, not an order; the server may or may not do
it.
Example:
curl --compressed-ssh sftp://example.com/
See also --compressed. Added in 7.56.0.
--compressed
(HTTP) Request a compressed response using one of the algorithms curl supports, and automatically decompress
the content. Headers are not modified.
If this option is used and the server sends an unsupported encoding, curl will report an error. This is a re‐
quest, not an order; the server may or may not deliver data compressed.
Example:
curl --compressed https://example.com
See also --compressed-ssh.
-K, --config <file>
Specify a text file to read curl arguments from. The command line arguments found in the text file will be
used as if they were provided on the command line.
Options and their parameters must be specified on the same line in the file, separated by whitespace, colon,
or the equals sign. Long option names can optionally be given in the config file without the initial double
dashes and if so, the colon or equals characters can be used as separators. If the option is specified with
one or two dashes, there can be no colon or equals character between the option and its parameter.
If the parameter contains whitespace (or starts with : or =), the parameter must be enclosed within quotes.
Within double quotes, the following escape sequences are available: \\, \", \t, \n, \r and \v. A backslash
preceding any other letter is ignored.
If the first column of a config line is a '#' character, the rest of the line will be treated as a comment.
Only write one option per physical line in the config file.
Specify the filename to --config as '-' to make curl read the file from stdin.
Note that to be able to specify a URL in the config file, you need to specify it using the --url option, and
not by simply writing the URL on its own line. So, it could look similar to this:
url = "https://curl.se/docs/"
# --- Example file ---
# this is a comment
url = "example.com"
output = "curlhere.html"
user-agent = "superagent/1.0"
# and fetch another URL too
url = "example.com/docs/manpage.html"
-O
referer = "http://nowhereatall.example.com/"
# --- End of example file ---
When curl is invoked, it (unless --disable is used) checks for a default config file and uses it if found,
even when --config is used. The default config file is checked for in the following places in this order:
1) "$CURL_HOME/.curlrc"
2) "$XDG_CONFIG_HOME/.curlrc" (Added in 7.73.0)
3) "$HOME/.curlrc"
4) Windows: "%USERPROFILE%\.curlrc"
5) Windows: "%APPDATA%\.curlrc"
6) Windows: "%USERPROFILE%\Application Data\.curlrc"
7) Non-Windows: use getpwuid to find the home directory
8) On Windows, if it finds no .curlrc file in the sequence described above, it checks for one in the same dir
the curl executable is placed.
On Windows two filenames are checked per location: .curlrc and _curlrc, preferring the former. Older versions
on Windows checked for _curlrc only.
This option can be used multiple times to load multiple config files.
Example:
curl --config file.txt https://example.com
See also -q, --disable.
--connect-timeout <fractional seconds>
Maximum time in seconds that you allow curl's connection to take. This only limits the connection phase, so
if curl connects within the given period it will continue - if not it will exit. Since version 7.32.0, this
option accepts decimal values.
If this option is used several times, the last one will be used.
Examples:
curl --connect-timeout 20 https://example.com
curl --connect-timeout 3.14 https://example.com
See also -m, --max-time.
--connect-to <HOST1:PORT1:HOST2:PORT2>
For a request to the given HOST1:PORT1 pair, connect to HOST2:PORT2 instead. This option is suitable to di‐
rect requests at a specific server, e.g. at a specific cluster node in a cluster of servers. This option is
only used to establish the network connection. It does NOT affect the hostname/port that is used for TLS/SSL
(e.g. SNI, certificate verification) or for the application protocols. "HOST1" and "PORT1" may be the empty
string, meaning "any host/port". "HOST2" and "PORT2" may also be the empty string, meaning "use the request's
original host/port".
A "host" specified to this option is compared as a string, so it needs to match the name used in request URL.
It can be either numerical such as "127.0.0.1" or the full host name such as "example.org".
This option can be used many times to add many connect rules.
Example:
curl --connect-to example.com:443:example.net:8443 https://example.com
See also --resolve and -H, --header. Added in 7.49.0.
-C, --continue-at <offset>
Continue/Resume a previous file transfer at the given offset. The given offset is the exact number of bytes
that will be skipped, counting from the beginning of the source file before it is transferred to the destina‐
tion. If used with uploads, the FTP server command SIZE will not be used by curl.
Use "-C -" to tell curl to automatically find out where/how to resume the transfer. It then uses the given
output/input files to figure that out.
If this option is used several times, the last one will be used.
Examples:
curl -C - https://example.com
curl -C 400 https://example.com
See also -r, --range.
-c, --cookie-jar <filename>
(HTTP) Specify to which file you want curl to write all cookies after a completed operation. Curl writes all
cookies from its in-memory cookie storage to the given file at the end of operations. If no cookies are
known, no data will be written. The file will be written using the Netscape cookie file format. If you set
the file name to a single dash, "-", the cookies will be written to stdout.
This command line option will activate the cookie engine that makes curl record and use cookies. Another way
to activate it is to use the --cookie option.
If the cookie jar cannot be created or written to, the whole curl operation will not fail or even report an
error clearly. Using --verbose will get a warning displayed, but that is the only visible feedback you get
about this possibly lethal situation.
If this option is used several times, the last specified file name will be used.
Examples:
curl -c store-here.txt https://example.com
curl -c store-here.txt -b read-these https://example.com
See also -b, --cookie.
-b, --cookie <data|filename>
(HTTP) Pass the data to the HTTP server in the Cookie header. It is supposedly the data previously received
from the server in a "Set-Cookie:" line. The data should be in the format "NAME1=VALUE1; NAME2=VALUE2". This
makes curl use the cookie header with this content explicitly in all outgoing request(s). If multiple re‐
quests are done due to authentication, followed redirects or similar, they will all get this cookie passed
on.
If no '=' symbol is used in the argument, it is instead treated as a filename to read previously stored
cookie from. This option also activates the cookie engine which will make curl record incoming cookies, which
may be handy if you are using this in combination with the --location option or do multiple URL transfers on
the same invoke. If the file name is exactly a minus ("-"), curl will instead read the contents from stdin.
The file format of the file to read cookies from should be plain HTTP headers (Set-Cookie style) or the Net‐
scape/Mozilla cookie file format.
The file specified with --cookie is only used as input. No cookies will be written to the file. To store
cookies, use the --cookie-jar option.
If you use the Set-Cookie file format and do not specify a domain then the cookie is not sent since the do‐
main will never match. To address this, set a domain in Set-Cookie line (doing that will include sub-domains)
or preferably: use the Netscape format.
This option can be used multiple times.
Users often want to both read cookies from a file and write updated cookies back to a file, so using both
--cookie and --cookie-jar in the same command line is common.
Examples:
curl -b cookiefile https://example.com
curl -b cookiefile -c cookiefile https://example.com
See also -c, --cookie-jar and -j, --junk-session-cookies.
--create-dirs
When used in conjunction with the --output option, curl will create the necessary local directory hierarchy
as needed. This option creates the directories mentioned with the --output option, nothing else. If the
--output file name uses no directory, or if the directories it mentions already exist, no directories will be
created.
Created dirs are made with mode 0750 on unix style file systems.
To create remote directories when using FTP or SFTP, try --ftp-create-dirs.
Example:
curl --create-dirs --output local/dir/file https://example.com
See also --ftp-create-dirs and --output-dir.
--create-file-mode <mode>
(SFTP SCP FILE) When curl is used to create files remotely using one of the supported protocols, this option
allows the user to set which 'mode' to set on the file at creation time, instead of the default 0644.
This option takes an octal number as argument.
If this option is used several times, the last one will be used.
Example:
curl --create-file-mode 0777 -T localfile sftp://example.com/new
See also --ftp-create-dirs. Added in 7.75.0.
--crlf (FTP SMTP) Convert LF to CRLF in upload. Useful for MVS (OS/390).
(SMTP added in 7.40.0)
Example:
curl --crlf -T file ftp://example.com/
See also -B, --use-ascii.
--crlfile <file>
(TLS) Provide a file using PEM format with a Certificate Revocation List that may specify peer certificates
that are to be considered revoked.
If this option is used several times, the last one will be used.
Example:
curl --crlfile rejects.txt https://example.com
See also --cacert and --capath.
--curves <algorithm list>
(TLS) Tells curl to request specific curves to use during SSL session establishment according to RFC 8422,
5.1. Multiple algorithms can be provided by separating them with ":" (e.g. "X25519:P-521"). The parameter
is available identically in the "openssl s_client/s_server" utilities.
--curves allows a OpenSSL powered curl to make SSL-connections with exactly the (EC) curve requested by the
client, avoiding nontransparent client/server negotiations.
If this option is set, the default curves list built into openssl will be ignored.
Example:
curl --curves X25519 https://example.com
See also --ciphers. Added in 7.73.0.
--data-ascii <data>
(HTTP) This is just an alias for -d, --data.
Example:
curl --data-ascii @file https://example.com
See also --data-binary, --data-raw and --data-urlencode.
--data-binary <data>
(HTTP) This posts data exactly as specified with no extra processing whatsoever.
If you start the data with the letter @, the rest should be a filename. Data is posted in a similar manner as
--data does, except that newlines and carriage returns are preserved and conversions are never done.
Like --data the default content-type sent to the server is application/x-www-form-urlencoded. If you want the
data to be treated as arbitrary binary data by the server then set the content-type to octet-stream: -H "Con‐
tent-Type: application/octet-stream".
If this option is used several times, the ones following the first will append data as described in -d,
--data.
Example:
curl --data-binary @filename https://example.com
See also --data-ascii.
--data-raw <data>
(HTTP) This posts data similarly to --data but without the special interpretation of the @ character.
Examples:
curl --data-raw "hello" https://example.com
curl --data-raw "@at@at@" https://example.com
See also -d, --data. Added in 7.43.0.
--data-urlencode <data>
(HTTP) This posts data, similar to the other --data options with the exception that this performs URL-encod‐
ing.
To be CGI-compliant, the <data> part should begin with a name followed by a separator and a content specifi‐
cation. The <data> part can be passed to curl using one of the following syntaxes:
content
This will make curl URL-encode the content and pass that on. Just be careful so that the content does
not contain any = or @ symbols, as that will then make the syntax match one of the other cases below!
=content
This will make curl URL-encode the content and pass that on. The preceding = symbol is not included in
the data.
name=content
This will make curl URL-encode the content part and pass that on. Note that the name part is expected
to be URL-encoded already.
@filename
This will make curl load data from the given file (including any newlines), URL-encode that data and
pass it on in the POST.
name@filename
This will make curl load data from the given file (including any newlines), URL-encode that data and
pass it on in the POST. The name part gets an equal sign appended, resulting in name=urlencoded-file-
content. Note that the name is expected to be URL-encoded already.
Examples:
curl --data-urlencode name=val https://example.com
curl --data-urlencode =encodethis https://example.com
curl --data-urlencode name@file https://example.com
curl --data-urlencode @fileonly https://example.com
See also -d, --data and --data-raw.
-d, --data <data>
(HTTP MQTT) Sends the specified data in a POST request to the HTTP server, in the same way that a browser
does when a user has filled in an HTML form and presses the submit button. This will cause curl to pass the
data to the server using the content-type application/x-www-form-urlencoded. Compare to -F, --form.
--data-raw is almost the same but does not have a special interpretation of the @ character. To post data
purely binary, you should instead use the --data-binary option. To URL-encode the value of a form field you
may use --data-urlencode.
If any of these options is used more than once on the same command line, the data pieces specified will be
merged with a separating &-symbol. Thus, using '-d name=daniel -d skill=lousy' would generate a post chunk
that looks like 'name=daniel&skill=lousy'.
If you start the data with the letter @, the rest should be a file name to read the data from, or - if you
want curl to read the data from stdin. Posting data from a file named 'foobar' would thus be done with -d,
--data @foobar. When --data is told to read from a file like that, carriage returns and newlines will be
stripped out. If you do not want the @ character to have a special interpretation use --data-raw instead.
Examples:
curl -d "name=curl" https://example.com
curl -d "name=curl" -d "tool=cmdline" https://example.com
curl -d @filename https://example.com
See also --data-binary, --data-urlencode and --data-raw. This option is mutually exclusive to -F, --form and
-I, --head and -T, --upload-file.
--delegation <LEVEL>
(GSS/kerberos) Set LEVEL to tell the server what it is allowed to delegate when it comes to user credentials.
none Do not allow any delegation.
policy Delegates if and only if the OK-AS-DELEGATE flag is set in the Kerberos service ticket, which is a
matter of realm policy.
always Unconditionally allow the server to delegate.
If this option is used several times, the last one will be used.
Example:
curl --delegation "none" https://example.com
See also -k, --insecure and --ssl.
--digest
(HTTP) Enables HTTP Digest authentication. This is an authentication scheme that prevents the password from
being sent over the wire in clear text. Use this in combination with the normal --user option to set user
name and password.
If this option is used several times, only the first one is used.
Example:
curl -u name:password --digest https://example.com
See also -u, --user, --proxy-digest and --anyauth. This option is mutually exclusive to --basic and --ntlm
and --negotiate.
--disable-eprt
(FTP) Tell curl to disable the use of the EPRT and LPRT commands when doing active FTP transfers. Curl will
normally always first attempt to use EPRT, then LPRT before using PORT, but with this option, it will use
PORT right away. EPRT and LPRT are extensions to the original FTP protocol, and may not work on all servers,
but they enable more functionality in a better way than the traditional PORT command.
--eprt can be used to explicitly enable EPRT again and --no-eprt is an alias for --disable-eprt.
If the server is accessed using IPv6, this option will have no effect as EPRT is necessary then.
Disabling EPRT only changes the active behavior. If you want to switch to passive mode you need to not use
--ftp-port or force it with --ftp-pasv.
Example:
curl --disable-eprt ftp://example.com/
See also --disable-epsv and -P, --ftp-port.
--disable-epsv
(FTP) Tell curl to disable the use of the EPSV command when doing passive FTP transfers. Curl will normally
always first attempt to use EPSV before PASV, but with this option, it will not try using EPSV.
--epsv can be used to explicitly enable EPSV again and --no-epsv is an alias for --disable-epsv.
If the server is an IPv6 host, this option will have no effect as EPSV is necessary then.
Disabling EPSV only changes the passive behavior. If you want to switch to active mode you need to use -P,
--ftp-port.
Example:
curl --disable-epsv ftp://example.com/
See also --disable-eprt and -P, --ftp-port.
-q, --disable
If used as the first parameter on the command line, the curlrc config file will not be read and used. See the
--config for details on the default config file search path.
Example:
curl -q https://example.com
See also -K, --config.
--disallow-username-in-url
(HTTP) This tells curl to exit if passed a URL containing a username. This is probably most useful when the
URL is being provided at runtime or similar.
Example:
curl --disallow-username-in-url https://example.com
See also --proto. Added in 7.61.0.
--dns-interface <interface>
(DNS) Tell curl to send outgoing DNS requests through <interface>. This option is a counterpart to --inter‐
face (which does not affect DNS). The supplied string must be an interface name (not an address).
Example:
curl --dns-interface eth0 https://example.com
See also --dns-ipv4-addr and --dns-ipv6-addr. --dns-interface requires that the underlying libcurl was built
to support c-ares. Added in 7.33.0.
--dns-ipv4-addr <address>
(DNS) Tell curl to bind to <ip-address> when making IPv4 DNS requests, so that the DNS requests originate
from this address. The argument should be a single IPv4 address.
If this option is used several times, the last one will be used.
Example:
curl --dns-ipv4-addr 10.1.2.3 https://example.com
See also --dns-interface and --dns-ipv6-addr. --dns-ipv4-addr requires that the underlying libcurl was built
to support c-ares. Added in 7.33.0.
--dns-ipv6-addr <address>
(DNS) Tell curl to bind to <ip-address> when making IPv6 DNS requests, so that the DNS requests originate
from this address. The argument should be a single IPv6 address.
If this option is used several times, the last one will be used.
Example:
curl --dns-ipv6-addr 2a04:4e42::561 https://example.com
See also --dns-interface and --dns-ipv4-addr. --dns-ipv6-addr requires that the underlying libcurl was built
to support c-ares. Added in 7.33.0.
--dns-servers <addresses>
Set the list of DNS servers to be used instead of the system default. The list of IP addresses should be
separated with commas. Port numbers may also optionally be given as :<port-number> after each IP address.
If this option is used several times, the last one will be used.
Example:
curl --dns-servers 192.168.0.1,192.168.0.2 https://example.com
See also --dns-interface and --dns-ipv4-addr. --dns-servers requires that the underlying libcurl was built to
support c-ares. Added in 7.33.0.
--doh-cert-status
Same as --cert-status but used for DoH (DNS-over-HTTPS).
Example:
curl --doh-cert-status --doh-url https://doh.example https://example.com
See also --doh-insecure. Added in 7.76.0.
--doh-insecure
Same as --insecure but used for DoH (DNS-over-HTTPS).
Example:
curl --doh-insecure --doh-url https://doh.example https://example.com
See also --doh-url. Added in 7.76.0.
--doh-url <URL>
Specifies which DNS-over-HTTPS (DoH) server to use to resolve hostnames, instead of using the default name
resolver mechanism. The URL must be HTTPS.
Some SSL options that you set for your transfer will apply to DoH since the name lookups take place over SSL.
However, the certificate verification settings are not inherited and can be controlled separately via --doh-
insecure and --doh-cert-status.
If this option is used several times, the last one will be used.
Example:
curl --doh-url https://doh.example https://example.com
See also --doh-insecure. Added in 7.62.0.
-D, --dump-header <filename>
(HTTP FTP) Write the received protocol headers to the specified file. If no headers are received, the use of
this option will create an empty file.
When used in FTP, the FTP server response lines are considered being "headers" and thus are saved there.
If this option is used several times, the last one will be used.
Example:
curl --dump-header store.txt https://example.com
See also -o, --output.
--egd-file <file>
(TLS) Specify the path name to the Entropy Gathering Daemon socket. The socket is used to seed the random en‐
gine for SSL connections.
Example:
curl --egd-file /random/here https://example.com
See also --random-file.
--engine <name>
(TLS) Select the OpenSSL crypto engine to use for cipher operations. Use --engine list to print a list of
build-time supported engines. Note that not all (and possibly none) of the engines may be available at run‐
time.
Example:
curl --engine flavor https://example.com
See also --ciphers and --curves.
--etag-compare <file>
(HTTP) This option makes a conditional HTTP request for the specific ETag read from the given file by sending
a custom If-None-Match header using the stored ETag.
For correct results, make sure that the specified file contains only a single line with the desired ETag. An
empty file is parsed as an empty ETag.
Use the option --etag-save to first save the ETag from a response, and then use this option to compare
against the saved ETag in a subsequent request.
Example:
curl --etag-compare etag.txt https://example.com
See also --etag-save and -z, --time-cond. Added in 7.68.0.
--etag-save <file>
(HTTP) This option saves an HTTP ETag to the specified file. An ETag is a caching related header, usually re‐
turned in a response.
If no ETag is sent by the server, an empty file is created.
Example:
curl --etag-save storetag.txt https://example.com
See also --etag-compare. Added in 7.68.0.
--expect100-timeout <seconds>
(HTTP) Maximum time in seconds that you allow curl to wait for a 100-continue response when curl emits an Ex‐
pects: 100-continue header in its request. By default curl will wait one second. This option accepts decimal
values! When curl stops waiting, it will continue as if the response has been received.
Example:
curl --expect100-timeout 2.5 -T file https://example.com
See also --connect-timeout. Added in 7.47.0.
--fail-early
Fail and exit on the first detected transfer error.
When curl is used to do multiple transfers on the command line, it will attempt to operate on each given URL,
one by one. By default, it will ignore errors if there are more URLs given and the last URL's success will
determine the error code curl returns. So early failures will be "hidden" by subsequent successful transfers.
Using this option, curl will instead return an error on the first transfer that fails, independent of the
amount of URLs that are given on the command line. This way, no transfer failures go undetected by scripts
and similar.
This option is global and does not need to be specified for each use of -:, --next.
This option does not imply -f, --fail, which causes transfers to fail due to the server's HTTP status code.
You can combine the two options, however note --fail is not global and is therefore contained by -:, --next.
Example:
curl --fail-early https://example.com https://two.example
See also -f, --fail and --fail-with-body. Added in 7.52.0.
--fail-with-body
(HTTP) Return an error on server errors where the HTTP response code is 400 or greater). In normal cases when
an HTTP server fails to deliver a document, it returns an HTML document stating so (which often also de‐
scribes why and more). This flag will still allow curl to output and save that content but also to return er‐
ror 22.
This is an alternative option to --fail which makes curl fail for the same circumstances but without saving
the content.
Example:
curl --fail-with-body https://example.com
See also -f, --fail. Added in 7.76.0.
-f, --fail
(HTTP) Fail fast with no output at all on server errors. This is useful to enable scripts and users to better
deal with failed attempts. In normal cases when an HTTP server fails to deliver a document, it returns an
HTML document stating so (which often also describes why and more). This flag will prevent curl from out‐
putting that and return error 22.
This method is not fail-safe and there are occasions where non-successful response codes will slip through,
especially when authentication is involved (response codes 401 and 407).
Example:
curl --fail https://example.com
See also --fail-with-body.
--false-start
(TLS) Tells curl to use false start during the TLS handshake. False start is a mode where a TLS client will
start sending application data before verifying the server's Finished message, thus saving a round trip when
performing a full handshake.
This is currently only implemented in the NSS and Secure Transport (on iOS 7.0 or later, or OS X 10.9 or
later) backends.
Example:
curl --false-start https://example.com
See also --tcp-fastopen. Added in 7.42.0.
--form-escape
(HTTP) Tells curl to pass on names of multipart form fields and files using backslash-escaping instead of
percent-encoding.