Curl - HyongAndToru/hello-world. GitHub Wiki

                                _   _ ____  _
Project                     ___| | | |  _ \| |
                           / __| | | | |_) | |
                          | (__| |_| |  _ <| |___
                           \___|\___/|_| \_\_____|

curl offers a busload of useful tricks like proxy support, user authen-
tication, FTP upload, HTTP post, SSL connections, cookies, file  trans-
fer  resume,  Metalink,  and more. As you will see below, the number of
features will make your head spin!

curl is powered by  libcurl  for  all  transfer-related  features.  See
libcurl(3) for details.

You can specify multiple URLs or parts of URLs  by  writing  part  sets
within braces as in:

http://site.{one,two,three}.com

or you can get sequences of alphanumeric series by using [] as in:

ftp://ftp.example.com/file[1-100].txt

ftp://ftp.example.com/file[001-100].txt    (with leading zeros)

ftp://ftp.example.com/file[a-z].txt

Nested  sequences  are not supported, but you can use several ones next
to each other:

http://example.com/archive[1996-1999]/vol[1-4]/part{a,b,c}.html

You can specify any amount of URLs on the command line.  They  will  be
fetched in a sequential manner in the specified order.

You  can  specify a step counter for the ranges to get every Nth number
or letter:

http://example.com/file[1-100:10].txt

http://example.com/file[a-z:2].txt

When using [] or {} sequences when invoked from a command line  prompt,
you probably have to put the full URL within double quotes to avoid the
shell from interfering with it. This also  goes  for  other  characters
treated special, like for example '&', '?' and '*'.

Provide  the IPv6 zone index in the URL with an escaped percentage sign
and the interface name. Like in

http://[fe80::3%25eth0]/

If you specify URL without protocol:// prefix,  curl  will  attempt  to
guess  what  protocol  you might want. It will then default to HTTP but
try other protocols based on often-used host name prefixes.  For  exam-
ple,  for  host names starting with "ftp." curl will assume you want to
speak FTP.

curl will do its best to use what you pass to it as a URL.  It  is  not
trying  to  validate it as a syntactically correct URL by any means but
is instead very liberal with what it accepts.

curl will attempt to re-use connections for multiple file transfers, so
that  getting many files from the same server will not do multiple con-
nects / handshakes. This improves speed. Of course this is only done on
files  specified  on  a  single command line and cannot be used between
separate curl invokes.

curl displays this data to the terminal by default, so  if  you  invoke
curl  to do an operation and it is about to write data to the terminal,
it disables the progress meter as otherwise it would mess up the output
mixing progress meter and response data.

If you want a progress meter for HTTP POST or PUT requests, you need to
redirect the response output to a file, using shell  redirect  (>),  -o
[file] or similar.

It  is not the same case for FTP upload as that operation does not spit
out any response data to the terminal.

       If you prefer a progress "bar" instead of the regular meter, -# is your
       friend.
OPTIONS
       Options  start  with  one or two dashes. Many of the options require an
       additional value next to them.

The short "single-dash" form of the options, -d  for  example,  may  be
used with or without a space between it and its value, although a space
is a recommended separator. The long  "double-dash"  form,  --data  for
example, requires a space between it and its value.

Short version options that don't need any additional values can be used
immediately next to each other, like for example you  can  specify  all
the options -O, -L and -v at once as -OLv.

In general, all boolean options are enabled with --option and yet again
disabled with --no-option. That is, you use the exact same option  name
but prefix it with "no-". However, in this list we mostly only list and
show the --option version of them. (This concept with --no options  was
added  in  7.19.0.  Previously  most  options  were  toggled  on/off on
repeated use of the same command line option.)

-#, --progress-bar
       Make curl display progress as a simple progress bar  instead  of
       the standard, more informational, meter.

-:, --next
       Tells curl to use a separate operation for the following URL and
       associated  options.  This  allows  you  to  send  several   URL
       requests,  each  with  their  own specific options, for example,
       such as different user names or custom requests for each. (Added
       in 7.36.0)

-0, --http1.0
       (HTTP)  Tells  curl to use HTTP version 1.0 instead of using its
       internally preferred: HTTP 1.1.

--http1.1
       (HTTP) Tells curl to use HTTP version 1.1. This is the  internal
       default version. (Added in 7.33.0)

--http2
       (HTTP)  Tells  curl  to  issue  its  requests using HTTP 2. This
       requires that the underlying libcurl was built  to  support  it.
       (Added in 7.33.0)

--http2-prior-knowledge
       (HTTP)  Tells  curl  to  issue  its  non-TLS HTTP requests using
       HTTP/2 without HTTP/1.1 Upgrade.  It  requires  prior  knowledge
       that  the  server  supports HTTP/2 straight away. HTTPS requests
       will still do HTTP/2 the standard way with  negotiated  protocol
       version in the TLS handshake.

HTTP/2  support  in  general  also  requires that the underlying
libcurl was built to support it. (Added in 7.49.0)

--no-npn
       Disable the NPN TLS extension. NPN  is  enabled  by  default  if
       libcurl  was built with an SSL library that supports NPN. NPN is
       used by a libcurl that supports HTTP 2 to negotiate HTTP 2  sup-
       port with the server during https sessions.

(Added in 7.36.0)

--no-alpn
       Disable  the  ALPN  TLS extension. ALPN is enabled by default if
       libcurl was built with an SSL library that supports  ALPN.  ALPN
       is  used  by  a libcurl that supports HTTP 2 to negotiate HTTP 2
       support with the server during https sessions.

(Added in 7.36.0)

-1, --tlsv1
       (SSL) Forces curl to use TLS version 1.x when negotiating with a
       remote  TLS  server.   You can use options --tlsv1.0, --tlsv1.1,
       and --tlsv1.2 to control the TLS version more precisely (if  the
       SSL backend in use supports such a level of control).

-2, --sslv2
       (SSL)  Forces  curl to use SSL version 2 when negotiating with a
       remote SSL server. Sometimes curl is built  without  SSLv2  sup-
       port. SSLv2 is widely considered insecure (see RFC 6176).

-3, --sslv3
       (SSL)  Forces  curl to use SSL version 3 when negotiating with a
       remote SSL server. Sometimes curl is built  without  SSLv3  sup-
       port. SSLv3 is widely considered insecure (see RFC 7568).

-4, --ipv4
       This  option tells curl to resolve names to IPv4 addresses only,
       and not for example try IPv6.

-6, --ipv6
       This option tells curl to resolve names to IPv6 addresses  only,
       and not for example try IPv4.

-a, --append
       (FTP/SFTP) When used in an upload, this makes curl append to the
       target file instead  of  overwriting  it.  If  the  remote  file
       doesn't  exist,  it  will  be  created.   Note that this flag is
       ignored by some SFTP servers (including OpenSSH).

-A, --user-agent <agent string>
       (HTTP) Specify the User-Agent string to send to the HTTP server.
       Some   badly   done  CGIs  fail  if  this  field  isn't  set  to
       "Mozilla/4.0". To encode blanks  in  the  string,  surround  the
       string  with  single  quote marks. This can also be set with the
       -H, --header option of course.

If this option is used several times, the last one will be used.

--anyauth
       (HTTP) Tells curl to figure out authentication method by itself,
       and  use  the most secure one the remote site claims to support.
       This is done by first doing a request and checking the response-
       headers,  thus  possibly  inducing  an extra network round-trip.
       This is  used  instead  of  setting  a  specific  authentication
       method,  which  you  can  do with --basic, --digest, --ntlm, and
       --negotiate.

Note that using --anyauth is not recommended if you  do  uploads
from  stdin, since it may require data to be sent twice and then
the client must be able to rewind. If the need should arise when
uploading from stdin, the upload operation will fail.

-b, --cookie <name=data>
       (HTTP)  Pass the data to the HTTP server as a cookie. It is sup-
       posedly the data previously received from the server in a  "Set-
       Cookie:"  line.  The data should be in the format "NAME1=VALUE1;
       NAME2=VALUE2".

If no '=' symbol is used in the line, it is treated as  a  file-
name  to  use to read previously stored cookie lines from, which
should be used in this session if they match. Using this  method
also  activates  the  cookie  engine which will make curl record
incoming cookies too, which may be handy if you're using this in
combination  with  the -L, --location option. The file format of
the file to read cookies from should be plain HTTP headers (Set-
Cookie style) or the Netscape/Mozilla cookie file format.

The  file  specified with -b, --cookie is only used as input. No
cookies will be written to the file. To store cookies,  use  the
-c, --cookie-jar option.

Exercise  caution  if  you  are  using  this option and multiple
transfers may occur.  If you use the NAME1=VALUE1; format, or in
a  file  use  the  Set-Cookie format and don't specify a domain,
then the cookie is sent for any domain (even after redirects are
followed)  and cannot be modified by a server-set cookie. If the
cookie engine is enabled and a server sets a cookie of the  same
name then both will be sent on a future transfer to that server,
likely not what you intended.  To address  these  issues  set  a
domain  in  Set-Cookie  (doing that will include sub-domains) or
use the Netscape format.

If this option is used several times, the last one will be used.

-B, --use-ascii
       (FTP/LDAP) Enable ASCII transfer. For  FTP,  this  can  also  be
       enforced  by  using an URL that ends with ";type=A". This option
       causes data sent to stdout to be in text mode for win32 systems.

--basic
       (HTTP) Tells curl to use  HTTP  Basic  authentication  with  the
       remote  host.  This  is  the  default and this option is usually
       pointless, unless you use it to override a previously set option
       that  sets  a  different  authentication method (such as --ntlm,
       --digest, or --negotiate).

Used together with -u, --user and -x, --proxy.

See also --proxy-basic.

-c, --cookie-jar <file name>
       (HTTP) Specify to which file you want curl to write all  cookies
       after  a completed operation. Curl writes all cookies previously
       read from a specified file as well as all cookies received  from
       remote server(s). If no cookies are known, no data will be writ-
       ten. The file will be written using  the  Netscape  cookie  file
       format.  If  you  set  the  file name to a single dash, "-", the
       cookies will be written to stdout.

This command line option will activate the  cookie  engine  that
makes curl record and use cookies. Another way to activate it is
to use the -b, --cookie option.

If the cookie jar can't be created or written to, the whole curl
operation  won't  fail or even report an error clearly. Using -v
will get a warning displayed, but that is the only visible feed-
back you get about this possibly lethal situation.

Since 7.43.0 cookies that were imported in the Set-Cookie format
without a domain name are not exported by this option.

If this option is used several times, the  last  specified  file
name will be used.

-C, --continue-at <offset>
       Continue/Resume  a  previous  file transfer at the given offset.
       The given offset is the exact  number  of  bytes  that  will  be
       skipped,  counting  from the beginning of the source file before
       it is transferred to the destination.  If used with uploads, the
       FTP server command SIZE will not be used by curl.

Use  "-C  -" to tell curl to automatically find out where/how to
resume the transfer. It then uses the given  output/input  files
to figure that out.

If this option is used several times, the last one will be used.

--ciphers <list of ciphers>
       (SSL) Specifies which ciphers to use in the connection. The list
       of ciphers must specify valid ciphers. Read  up  on  SSL  cipher
       list           details           on           this          URL:
       https://www.openssl.org/docs/apps/ciphers.html

NSS ciphers are done differently than OpenSSL  and  GnuTLS.  The
full  list of NSS ciphers is in the NSSCipherSuite entry at this
URL:                                         https://git.fedora-
hosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html#Directives

If this option is used several times, the last one will be used.

--compressed
       (HTTP) Request a compressed response using one of the algorithms
       curl supports, and save  the  uncompressed  document.   If  this
       option  is  used  and  the server sends an unsupported encoding,
       curl will report an error.

--connect-timeout <seconds>
       Maximum time in seconds that  you  allow  curl's  connection  to
       take.   This  only  limits the connection phase, so if curl con-
       nects within the given period it will continue - if not it  will
       exit.  Since version 7.32.0, this option accepts decimal values.

See also the -m, --max-time option.

If this option is used several times, the last one will be used.

--create-dirs
       When  used  in  conjunction with the -o option, curl will create
       the necessary local directory hierarchy as needed.  This  option
       creates  the dirs mentioned with the -o option, nothing else. If
       the -o file name uses no dir or if the dirs it mentions  already
       exist, no dir will be created.

To  create remote directories when using FTP or SFTP, try --ftp-
create-dirs.

--crlf Convert LF to CRLF in upload. Useful for MVS (OS/390).

(SMTP added in 7.40.0)

--crlfile <file>
       (HTTPS/FTPS) Provide a file using PEM format with a  Certificate
       Revocation  List  that may specify peer certificates that are to
       be considered revoked.

If this option is used several times, the last one will be used.

       (Added in 7.19.7)
-d, --data <data>
       (HTTP) Sends the specified data in a POST request  to  the  HTTP
       server,  in  the  same  way  that a browser does when a user has
       filled in an HTML form and presses the submit button. This  will
       cause curl to pass the data to the server using the content-type
       application/x-www-form-urlencoded.  Compare to -F, --form.

-d, --data is the same as --data-ascii. --data-raw is almost the
same but does not have a special interpretation of the @ charac-
ter. To post data purely binary,  you  should  instead  use  the
--data-binary  option.   To URL-encode the value of a form field
you may use --data-urlencode.

If any of these options is used more than once on the same  com-
mand  line,  the  data  pieces specified will be merged together
with a separating  &-symbol.  Thus,  using  '-d  name=daniel  -d
skill=lousy'  would  generate  a  post  chunk  that  looks  like
'name=daniel&skill=lousy'.

If you start the data with the letter @, the rest  should  be  a
file  name  to read the data from, or - if you want curl to read
the data from stdin. Multiple files can also be specified. Post-
ing  data  from  a  file  named 'foobar' would thus be done with
--data @foobar. When --data is told to read  from  a  file  like
that, carriage returns and newlines will be stripped out. If you
don't want the @ character to have a special interpretation  use
--data-raw instead.

-D, --dump-header <file>
       Write the protocol headers to the specified file.

This  option  is handy to use when you want to store the headers
that an HTTP site sends to you. Cookies from the  headers  could
then  be  read  in  a  second  curl  invocation by using the -b,
--cookie option! The -c, --cookie-jar option is a better way  to
store cookies.

When  used  in FTP, the FTP server response lines are considered
being "headers" and thus are saved there.

If this option is used several times, the last one will be used.

--data-ascii <data>
       See -d, --data.

--data-binary <data>
       (HTTP) This posts data exactly as specified with no  extra  pro-
       cessing whatsoever.

If  you  start  the data with the letter @, the rest should be a
filename.  Data is posted in a similar  manner  as  --data-ascii
does,  except  that  newlines and carriage returns are preserved
and conversions are never done.

If this option is used several times,  the  ones  following  the
first will append data as described in -d, --data.

--data-raw <data>
       (HTTP)  This posts data similarly to --data but without the spe-
       cial interpretation of the @ character. See -d, --data.   (Added
       in 7.43.0)

--data-urlencode <data>
       (HTTP) This posts data, similar to the other --data options with
       the exception that this performs URL-encoding. (Added in 7.18.0)
       To be CGI-compliant, the <data> part should begin  with  a  name
       followed  by a separator and a content specification. The <data>
       part can be passed to curl using one of the following syntaxes:

content
       This will make curl URL-encode the content and pass  that
       on.  Just  be careful so that the content doesn't contain
       any = or @ symbols, as that will  then  make  the  syntax
       match one of the other cases below!

=content
       This  will make curl URL-encode the content and pass that
       on. The preceding = symbol is not included in the data.

name=content
       This will make curl URL-encode the content part and  pass
       that  on.  Note that the name part is expected to be URL-
       encoded already.

@filename
       This will  make  curl  load  data  from  the  given  file
       (including  any  newlines), URL-encode that data and pass
       it on in the POST.

name@filename
       This will  make  curl  load  data  from  the  given  file
       (including  any  newlines), URL-encode that data and pass
       it on in the POST. The  name  part  gets  an  equal  sign
       appended, resulting in name=urlencoded-file-content. Note
       that the name is expected to be URL-encoded already.

--delegation LEVEL
       Set LEVEL to tell the server what it is allowed to delegate when
       it comes to user credentials. Used with GSS/kerberos.

none   Don't allow any delegation.

policy Delegates  if  and only if the OK-AS-DELEGATE flag is set
       in the Kerberos service ticket,  which  is  a  matter  of
       realm policy.

always Unconditionally allow the server to delegate.

--digest
       (HTTP)  Enables HTTP Digest authentication. This is an authenti-
       cation scheme that prevents the password from  being  sent  over
       the  wire in clear text. Use this in combination with the normal
       -u, --user option to  set  user  name  and  password.  See  also
       --ntlm, --negotiate and --anyauth for related options.

If  this  option  is  used  several times, only the first one is
used.

--disable-eprt
       (FTP) Tell curl to disable the use of the EPRT and LPRT commands
       when doing active FTP transfers. Curl will normally always first
       attempt to use EPRT, then LPRT before using PORT, but with  this
       option,  it  will  use PORT right away. EPRT and LPRT are exten-
       sions to the original FTP protocol, and  may  not  work  on  all
       servers, but they enable more functionality in a better way than
       the traditional PORT command.

--eprt can be used to explicitly enable EPRT again and --no-eprt
is an alias for --disable-eprt.

If  the  server is an IPv6 host, this option will have no effect
as EPRT is necessary then.

Disabling EPRT only changes the active behavior. If you want  to
switch  to  passive  mode  you need to not use -P, --ftp-port or
force it with --ftp-pasv.

--disable-epsv
       (FTP) Tell curl to disable the use  of  the  EPSV  command  when
       doing  passive  FTP  transfers.  Curl will normally always first
       attempt to use EPSV before PASV, but with this option,  it  will
       not try using EPSV.

--epsv can be used to explicitly enable EPSV again and --no-epsv
is an alias for --disable-epsv.

If the server is an IPv6 host, this option will have  no  effect
as EPSV is necessary then.

Disabling EPSV only changes the passive behavior. If you want to
switch to active mode you need to use -P, --ftp-port.

--dns-interface <interface>
       Tell curl to send outgoing  DNS  requests  through  <interface>.
       This  option  is  a  counterpart  to --interface (which does not
       affect DNS). The supplied string must be an interface name  (not
       an address).

This  option  requires  that  libcurl  was built with a resolver
backend that supports this operation. The c-ares backend is  the
only such one. (Added in 7.33.0)

--dns-ipv4-addr <ip-address>
       Tell curl to bind to <ip-address> when making IPv4 DNS requests,
       so that the DNS requests originate from this address. The  argu-
       ment should be a single IPv4 address.

This  option  requires  that  libcurl  was built with a resolver
backend that supports this operation. The c-ares backend is  the
only such one.  (Added in 7.33.0)

--dns-ipv6-addr <ip-address>
       Tell curl to bind to <ip-address> when making IPv6 DNS requests,
       so that the DNS requests originate from this address. The  argu-
       ment should be a single IPv6 address.

This  option  requires  that  libcurl  was built with a resolver
backend that supports this operation. The c-ares backend is  the
only such one.  (Added in 7.33.0)

--dns-servers <ip-address,ip-address>
       Set  the  list  of  DNS servers to be used instead of the system
       default.  The list of IP addresses should be separated with com-
       mas. Port numbers may also optionally be given as :<port-number>
       after each IP address.

This option requires that libcurl  was  built  with  a  resolver
backend  that supports this operation. The c-ares backend is the
only such one.  (Added in 7.33.0)

-e, --referer <URL>
       (HTTP) Sends the "Referrer Page" information to the HTTP server.
       This can also be set with the -H, --header flag of course.  When
       used with -L, --location you can append ";auto" to the --referer
       URL to make curl automatically set the previous URL when it fol-
       lows a Location: header. The ";auto" string can be  used  alone,
       even if you don't set an initial --referer.

If this option is used several times, the last one will be used.

-E, --cert <certificate[:password]>
       (SSL)  Tells  curl  to use the specified client certificate file
       when getting a file with HTTPS, FTPS or another SSL-based proto-
       col.  The  certificate must be in PKCS#12 format if using Secure
       Transport, or PEM format if using  any  other  engine.   If  the
       optional password isn't specified, it will be queried for on the
       terminal. Note that this option  assumes  a  "certificate"  file
       that is the private key and the client certificate concatenated!
       See --cert and --key to specify them independently.

If curl is built against the NSS SSL library  then  this  option
can  tell curl the nickname of the certificate to use within the
NSS database defined by the environment variable SSL_DIR (or  by
default  /etc/pki/nssdb).  If  the  NSS PEM PKCS#11 module (lib-
nsspem.so) is available then PEM files may  be  loaded.  If  you
want to use a file from the current directory, please precede it
with "./" prefix, in order to avoid confusion with  a  nickname.
If  the nickname contains ":", it needs to be preceded by "\" so
that it is not recognized as password delimiter.  If  the  nick-
name  contains "\", it needs to be escaped as "\\" so that it is
not recognized as an escape character.

(iOS and macOS only) If curl is built against Secure  Transport,
then the certificate string can either be the name of a certifi-
cate/private key in the system or user keychain, or the path  to
a  PKCS#12-encoded  certificate  and private key. If you want to
use a file from the current directory, please  precede  it  with
"./" prefix, in order to avoid confusion with a nickname.

If this option is used several times, the last one will be used.

--engine <name>
       Select  the  OpenSSL crypto engine to use for cipher operations.
       Use --engine list  to  print  a  list  of  build-time  supported
       engines.  Note  that  not  all  (or  none) of the engines may be
       available at run-time.

--environment
       (RISC OS ONLY) Sets a range of environment variables, using  the
       names the -w option supports, to allow easier extraction of use-
       ful information after having run curl.

--egd-file <file>
       (SSL) Specify the path name  to  the  Entropy  Gathering  Daemon
       socket.  The  socket  is  used to seed the random engine for SSL
       connections. See also the --random-file option.

--expect100-timeout <seconds>
       (HTTP) Maximum time in seconds that you allow curl to wait for a
       100-continue  response  when curl emits an Expects: 100-continue
       header in its request. By default curl  will  wait  one  second.
       This  option accepts decimal values! When curl stops waiting, it
       will continue as if the response has been received.

(Added in 7.47.0)

--cert-type <type>
       (SSL) Tells curl what certificate type the provided  certificate
       is in. PEM, DER and ENG are recognized types.  If not specified,
       PEM is assumed.

If this option is used several times, the last one will be used.

--cacert <CA certificate>
       (SSL) Tells curl to use the specified certificate file to verify
       the  peer.  The  file  may contain multiple CA certificates. The
       certificate(s) must be in PEM format. Normally curl is built  to
       use a default file for this, so this option is typically used to
       alter that default file.

curl recognizes the environment variable named  'CURL_CA_BUNDLE'
if  it  is  set,  and uses the given path as a path to a CA cert
bundle. This option overrides that variable.

The windows version of curl will automatically  look  for  a  CA
certs file named 'curl-ca-bundle.crt', either in the same direc-
tory as curl.exe, or in the Current Working Directory, or in any
folder along your PATH.

If  curl  is  built  against  the  NSS  SSL library, the NSS PEM
PKCS#11 module (libnsspem.so) needs to  be  available  for  this
option to work properly.

(iOS  and macOS only) If curl is built against Secure Transport,
then this option is supported for  backward  compatibility  with
other  SSL  engines,  but it should not be set. If the option is
not set, then curl will use the certificates in the  system  and
user  Keychain to verify the peer, which is the preferred method
of verifying the peer's certificate chain.

If this option is used several times, the last one will be used.

--capath <CA certificate directory>
       (SSL) Tells curl to use the specified certificate  directory  to
       verify  the  peer.  Multiple paths can be provided by separating
       them with ":" (e.g.  "path1:path2:path3"). The certificates must
       be  in  PEM  format,  and  if curl is built against OpenSSL, the
       directory must have been processed using  the  c_rehash  utility
       supplied  with OpenSSL. Using --capath can allow OpenSSL-powered
       curl to make SSL-connections much more  efficiently  than  using
       --cacert if the --cacert file contains many CA certificates.

If this option is set, the default capath value will be ignored,
and if it is used several times, the last one will be used.

--pinnedpubkey <pinned public key (hashes)>
       (SSL) Tells curl to  use  the  specified  public  key  file  (or
       hashes)  to  verify the peer. This can be a path to a file which
       contains a single public key in PEM or DER format, or any number
       of base64 encoded sha256 hashes preceded by 'sha256//' and sepa-
       rated by ';'

When negotiating a TLS or SSL connection,  the  server  sends  a
certificate  indicating  its identity. A public key is extracted
from this certificate and if it does not exactly match the  pub-
lic  key provided to this option, curl will abort the connection
before sending or receiving any data.

PEM/DER support:
  7.39.0: OpenSSL, GnuTLS and GSKit
  7.43.0: NSS and wolfSSL/CyaSSL
  7.47.0: mbedtls
  7.49.0: PolarSSL sha256 support:
  7.44.0: OpenSSL, GnuTLS, NSS and wolfSSL/CyaSSL.
  7.47.0: mbedtls
  7.49.0: PolarSSL Other SSL backends not supported.

If this option is used several times, the last one will be used.

--cert-status
       (SSL) Tells curl to verify the status of the server  certificate
       by using the Certificate Status Request (aka. OCSP stapling) TLS
       extension.

If this option is enabled and the server sends an invalid  (e.g.
expired) response, if the response suggests that the server cer-
tificate has been revoked, or no response at  all  is  received,
the verification fails.

This  is  currently  only implemented in the OpenSSL, GnuTLS and
NSS backends.  (Added in 7.41.0)

--false-start

(SSL) Tells curl to use false start during  the  TLS  handshake.
False  start  is  a  mode  where a TLS client will start sending
application data before verifying the server's Finished message,
thus saving a round trip when performing a full handshake.

This  is currently only implemented in the NSS and Secure Trans-
port (on iOS 7.0 or later, or OS  X  10.9  or  later)  backends.
(Added in 7.42.0)

-f, --fail
       (HTTP)  Fail  silently (no output at all) on server errors. This
       is mostly done to better enable scripts etc to better deal  with
       failed  attempts.  In  normal cases when an HTTP server fails to
       deliver a document, it  returns  an  HTML  document  stating  so
       (which  often  also describes why and more). This flag will pre-
       vent curl from outputting that and return error 22.

This method is not fail-safe and there are occasions where  non-
successful  response  codes  will  slip through, especially when
authentication is involved (response codes 401 and 407).

-F, --form <name=content>
       (HTTP) This lets curl emulate a filled-in form in which  a  user
       has  pressed  the  submit  button. This causes curl to POST data
       using the  Content-Type  multipart/form-data  according  to  RFC
       2388.  This  enables uploading of binary files etc. To force the
       'content' part to be a file, prefix the  file  name  with  an  @
       sign.  To just get the content part from a file, prefix the file
       name with the symbol <. The difference between @ and <  is  then
       that  @  makes a file get attached in the post as a file upload,
       while the < makes a text field and just  get  the  contents  for
       that text field from a file.

Example:  to  send  an image to a server, where 'profile' is the
name of the form-field to which portrait.jpg will be the input:

curl -F [email protected] https://example.com/upload.cgi

To read content from stdin instead of a file, use - as the file-
name.  This  goes  for both @ and < constructs. Unfortunately it
does not support reading the file from a named pipe or  similar,
as it needs the full size before the transfer starts.

You  can  also  tell  curl  what  Content-Type  to  use by using
'type=', in a manner similar to:

curl -F "[email protected];type=text/html" example.com

or

curl -F "name=daniel;type=text/foo" example.com

You can also explicitly change the name field of a  file  upload
part by setting filename=, like this:

curl -F "file=@localfile;filename=nameinpost" example.com

If  filename/path contains ',' or ';', it must be quoted by dou-
ble-quotes like:

curl  -F   "file=@\"localfile\";filename=\"nameinpost\""   exam-
ple.com

or

curl -F 'file=@"localfile";filename="nameinpost"' example.com

Note  that  if  a  filename/path is quoted by double-quotes, any
double-quote or backslash within the filename must be escaped by
backslash.

See further examples and details in the MANUAL.

This option can be used multiple times.

--ftp-account [data]
       (FTP) When an FTP server asks for "account data" after user name
       and password has been provided, this data is sent off using  the
       ACCT command. (Added in 7.13.0)

If this option is used several times, the last one will be used.

--ftp-alternative-to-user <command>
       (FTP)  If  authenticating with the USER and PASS commands fails,
       send this  command.   When  connecting  to  Tumbleweed's  Secure
       Transport  server  over  FTPS  using a client certificate, using
       "SITE AUTH" will tell the server to retrieve the  username  from
       the certificate. (Added in 7.15.5)

--ftp-create-dirs
       (FTP/SFTP)  When  an  FTP or SFTP URL/operation uses a path that
       doesn't currently exist on the server, the standard behavior  of
       curl is to fail. Using this option, curl will instead attempt to
       create missing directories.

--ftp-method [method]
       (FTP) Control what method curl should use to reach a file on  an
       FTP(S)  server. The method argument should be one of the follow-
       ing alternatives:

multicwd
       curl does a single CWD operation for each  path  part  in
       the  given URL. For deep hierarchies this means very many
       commands. This is how RFC 1738 says it  should  be  done.
       This is the default but the slowest behavior.

nocwd  curl  does  no  CWD at all. curl will do SIZE, RETR, STOR
       etc and give a full path to the server for all these com-
       mands. This is the fastest behavior.

singlecwd
       curl does one CWD with the full target directory and then
       operates on the file "normally"  (like  in  the  multicwd
       case).  This  is  somewhat  more standards compliant than
       'nocwd' but without the full penalty of 'multicwd'.

(Added in 7.15.1)

--ftp-pasv
       (FTP) Use passive mode for the data connection. Passive  is  the
       internal  default behavior, but using this option can be used to
       override a previous -P/-ftp-port option. (Added in 7.11.0)

If this option is used several times,  only  the  first  one  is
used.  Undoing  an  enforced passive really isn't doable but you
must then instead enforce the correct -P, --ftp-port again.

Passive mode means that curl will try the EPSV command first and
then PASV, unless --disable-epsv is used.

--ftp-skip-pasv-ip
       (FTP) Tell curl to not use the IP address the server suggests in
       its response to curl's PASV command when curl connects the  data
       connection.  Instead  curl  will  re-use  the same IP address it
       already uses for the control connection. (Added in 7.14.2)

This option has no effect if PORT, EPRT or EPSV is used  instead
of PASV.

--ftp-pret
       (FTP)  Tell  curl to send a PRET command before PASV (and EPSV).
       Certain FTP servers, mainly drftpd,  require  this  non-standard
       command  for  directory  listings as well as up and downloads in
       PASV mode.  (Added in 7.20.x)

--ftp-ssl-ccc
       (FTP) Use CCC (Clear Command Channel)  Shuts  down  the  SSL/TLS
       layer after authenticating. The rest of the control channel com-
       munication will be unencrypted. This allows NAT routers to  fol-
       low the FTP transaction. The default mode is passive. See --ftp-
       ssl-ccc-mode for other modes.  (Added in 7.16.1)

--ftp-ssl-ccc-mode [active/passive]
       (FTP) Use CCC (Clear Command Channel) Sets  the  CCC  mode.  The
       passive  mode  will  not initiate the shutdown, but instead wait
       for the server to do it, and will not reply to the shutdown from
       the server. The active mode initiates the shutdown and waits for
       a reply from the server.  (Added in 7.16.2)

--ftp-ssl-control
       (FTP) Require SSL/TLS for the FTP  login,  clear  for  transfer.
       Allows  secure  authentication, but non-encrypted data transfers
       for efficiency.  Fails the transfer if the server  doesn't  sup-
       port SSL/TLS.  (Added in 7.16.0) that can still be used but will
       be removed in a future version.

--ftp-ssl
       (FTP) This deprecated option is now known as --ssl.

--ftp-ssl-reqd
       (FTP) This deprecated option is now known as --ssl-reqd.

--form-string <name=string>
       (HTTP) Similar to --form except that the value  string  for  the
       named  parameter  is used literally. Leading '@' and '<' charac-
       ters, and the ';type=' string in the value have no special mean-
       ing. Use this in preference to --form if there's any possibility
       that the string value may accidentally trigger the  '@'  or  '<'
       features of --form.

-g, --globoff
       This option switches off the "URL globbing parser". When you set
       this option, you can specify URLs that contain the letters  {}[]
       without  having them being interpreted by curl itself. Note that
       these letters are not normal legal URL contents but they  should
       be encoded according to the URI standard.

-G, --get
       When  used,  this  option  will make all data specified with -d,
       --data, --data-binary or --data-urlencode to be used in an  HTTP
       GET  request instead of the POST request that otherwise would be
       used. The data will be appended to the URL with a '?' separator.
       If used in combination with -I, the POST data  will  instead  be
       appended to the URL with a HEAD request.

If  this  option  is  used  several times, only the first one is
used. This is because undoing a GET doesn't make sense, but  you
should then instead enforce the alternative method you prefer.

-H, --header <header>
       (HTTP)  Extra header to include in the request when sending HTTP
       to a server. You may specify any number of extra  headers.  Note
       that if you should add a custom header that has the same name as
       one of the internal ones curl would  use,  your  externally  set
       header will be used instead of the internal one. This allows you
       to make even trickier stuff than curl  would  normally  do.  You
       should  not  replace internally set headers without knowing per-
       fectly well what you're doing. Remove an internal header by giv-
       ing  a  replacement  without  content  on  the right side of the
       colon, as in: -H "Host:". If you send the custom header with no-
       value  then its header must be terminated with a semicolon, such
       as -H "X-Custom-Header;" to send "X-Custom-Header:".

curl will make sure that each header  you  add/replace  is  sent
with the proper end-of-line marker, you should thus not add that
as a part of the header content: do not add newlines or carriage
returns, they will only mess things up for you.

See also the -A, --user-agent and -e, --referer options.

Starting in 7.37.0, you need --proxy-header to send custom head-
ers intended for a proxy.

Example:

# curl -H "X-First-Name: Joe" http://example.com/

WARNING: headers set  with  this  option  will  be  set  in  all
requests  -  even  after  redirects are followed, like when told
with -L, --location. This can lead to the header being  sent  to
other  hosts than the original host, so sensitive headers should
be used with caution combined with following redirects.

This option can be used  multiple  times  to  add/replace/remove
multiple headers.

--hostpubmd5 <md5>
       (SCP/SFTP)  Pass  a string containing 32 hexadecimal digits. The
       string should be the 128 bit MD5 checksum of the  remote  host's
       public key, curl will refuse the connection with the host unless
       the md5sums match. (Added in 7.17.1)

--ignore-content-length
       For HTTP, Ignore the Content-Length header. This is particularly
       useful  for servers running Apache 1.x, which will report incor-
       rect Content-Length for files larger than 2 gigabytes.

For FTP (since 7.46.0), skip the RETR command to figure out  the
size before downloading a file.

-i, --include
       (HTTP)  Include  the  HTTP-header in the output. The HTTP-header
       includes things like server-name, date of  the  document,  HTTP-
       version and more...

-I, --head
       (HTTP/FTP/FILE) Fetch the HTTP-header only! HTTP-servers feature
       the command HEAD which this uses to get nothing but  the  header
       of  a  document. When used on an FTP or FILE file, curl displays
       the file size and last modification time only.

--interface <name>
       Perform an operation using a specified interface. You can  enter
       interface  name,  IP address or host name. An example could look
       like:

curl --interface eth0:1 https://www.example.com/

If this option is used several times, the last one will be used.

-j, --junk-session-cookies
       (HTTP) When curl is told to read cookies from a given file, this
       option  will  make  it  discard all "session cookies". This will
       basically have the same effect as if a new session  is  started.
       Typical  browsers  always  discard  session cookies when they're
       closed down.

-J, --remote-header-name
       (HTTP) This option tells the -O, --remote-name option to use the
       server-specified   Content-Disposition   filename   instead   of
       extracting a filename from the URL.

If the server specifies a file name and a file  with  that  name
already  exists  in the current working directory it will not be
overwritten and an error will occur. If the server doesn't spec-
ify a file name then this option has no effect.

There's  no  attempt to decode %-sequences (yet) in the provided
file name, so this option may provide you with rather unexpected
file names.

WARNING:  Exercise  judicious  use of this option, especially on
Windows. A rogue server could send you the  name  of  a  DLL  or
other  file  that could possibly be loaded automatically by Win-
dows or some third party software.

-k, --insecure
       (SSL) This option explicitly allows curl to  perform  "insecure"
       SSL connections and transfers. All SSL connections are attempted
       to be made secure by using the CA certificate  bundle  installed
       by  default.  This  makes  all connections considered "insecure"
       fail unless -k, --insecure is used.

See    this    online    resource    for    further     details:
https://curl.haxx.se/docs/sslcerts.html

-K, --config <config file>
       Specify  which config file to read curl arguments from. The con-
       fig file is a text file in which command line arguments  can  be
       written  which  then will be used as if they were written on the
       actual command line.

Options and their parameters must be specified on the same  con-
fig  file  line,  separated  by whitespace, colon, or the equals
sign. Long option names can optionally be given  in  the  config
file  without  the initial double dashes and if so, the colon or
equals characters can be used as separators. If  the  option  is
specified  with  one  or  two  dashes,  there can be no colon or
equals character between the option and its parameter.

If the parameter is to contain whitespace, the parameter must be
enclosed  within  quotes.  Within  double  quotes, the following
escape sequences are available: \\, \", \t, \n,  \r  and  \v.  A
backslash  preceding  any  other letter is ignored. If the first
column of a config line is a '#' character, the rest of the line
will be treated as a comment. Only write one option per physical
line in the config file.

Specify the filename to -K, --config as '-' to  make  curl  read
the file from stdin.

Note  that  to  be able to specify a URL in the config file, you
need to specify it using the --url option,  and  not  by  simply
writing  the  URL  on its own line. So, it could look similar to
this:

url = "https://curl.haxx.se/docs/"

When curl is invoked, it always (unless -q is used) checks for a
default  config  file  and  uses it if found. The default config
file is checked for in the following places in this order:

1) curl tries to find the "home dir": It first  checks  for  the
CURL_HOME and then the HOME environment variables. Failing that,
it uses getpwuid() on Unix-like systems (which returns the  home
dir  given the current user in your system). On Windows, it then
checks for the APPDATA variable, or as a last resort the '%USER-
PROFILE%\Application Data'.

2)  On  windows, if there is no _curlrc file in the home dir, it
checks for one in the same dir the curl executable is placed. On
Unix-like  systems,  it will simply try to load .curlrc from the
determined home dir.

# --- Example file ---
# this is a comment
url = "example.com"
output = "curlhere.html"
user-agent = "superagent/1.0"

# and fetch another URL too
url = "example.com/docs/manpage.html"
-O
referer = "http://nowhereatall.example.com/"
# --- End of example file ---

This option can be used multiple times to load  multiple  config
files.

--keepalive-time <seconds>
       This  option  sets  the  time  a connection needs to remain idle
       before sending keepalive probes and the time between  individual
       keepalive probes. It is currently effective on operating systems
       offering  the  TCP_KEEPIDLE  and  TCP_KEEPINTVL  socket  options
       (meaning  Linux, recent AIX, HP-UX and more). This option has no
       effect if --no-keepalive is used. (Added in 7.18.0)

If this option is used several times, the last one will be used.
If unspecified, the option defaults to 60 seconds.

--key <key>
       (SSL/SSH) Private key file name. Allows you to provide your pri-
       vate key in this separate file. For SSH, if not specified,  curl
       tries   the  following  candidates  in  order:  '~/.ssh/id_rsa',
       '~/.ssh/id_dsa', './id_rsa', './id_dsa'.

If this option is used several times, the last one will be used.

--key-type <type>
       (SSL) Private key file type. Specify which type your --key  pro-
       vided  private  key  is. DER, PEM, and ENG are supported. If not
       specified, PEM is assumed.

If this option is used several times, the last one will be used.

--krb <level>
       (FTP) Enable Kerberos authentication and use. The level must  be
       entered and should be one of 'clear', 'safe', 'confidential', or
       'private'. Should you use a level that  is  not  one  of  these,
       'private' will instead be used.

This  option  requires  a  library built with kerberos4 support.
This is not very common. Use -V, --version to see if  your  curl
supports it.

If this option is used several times, the last one will be used.

--krb4 <level>
       (FTP) This is the former name for --krb. Do not use.

-l, --list-only
       (FTP)  When listing an FTP directory, this switch forces a name-
       only view. This is  especially  useful  if  the  user  wants  to
       machine-parse  the contents of an FTP directory since the normal
       directory view doesn't use a standard look or format. When  used
       like  this,  the  option causes a NLST command to be sent to the
       server instead of LIST.

Note: Some FTP servers list only  files  in  their  response  to
NLST; they do not include sub-directories and symbolic links.

(POP3)  When  retrieving a specific email from POP3, this switch
forces a LIST command to be performed instead of RETR.  This  is
particularly  useful if the user wants to see if a specific mes-
sage id exists on the server and what size it is.

Note: When combined with -X, --request  <command>,  this  option
can be used to send an UIDL command instead, so the user may use
the email's unique identifier rather than  it's  message  id  to
make the request. (Added in 7.21.5)

-L, --location
       (HTTP/HTTPS)  If  the server reports that the requested page has
       moved to a different location (indicated with a Location: header
       and  a  3XX  response code), this option will make curl redo the
       request on the new place. If used together with -i, --include or
       -I, --head, headers from all requested pages will be shown. When
       authentication is used, curl only sends its credentials  to  the
       initial  host.  If a redirect takes curl to a different host, it
       won't be able to intercept the user+password. See  also  --loca-
       tion-trusted  on how to change this. You can limit the amount of
       redirects to follow by using the --max-redirs option.

When curl follows a redirect and the request is not a plain  GET
(for example POST or PUT), it will do the following request with
a GET if the HTTP response was 301, 302, or 303. If the response
code  was  any  other  3xx code, curl will re-send the following
request using the same unmodified method.

You can tell curl to not change the non-GET  request  method  to
GET  after  a  30x  response  by using the dedicated options for
that: --post301, --post302 and --post303.

--libcurl <file>
       Append this option to any ordinary curl command  line,  and  you
       will  get a libcurl-using C source code written to the file that
       does the equivalent of what your command-line operation does!

If this option is used several times, the last given  file  name
will be used. (Added in 7.16.1)

--limit-rate <speed>
       Specify  the  maximum  transfer  rate you want curl to use - for
       both downloads and uploads. This feature is useful if you have a
       limited pipe and you'd like your transfer not to use your entire
       bandwidth. To make it slower than it otherwise would be.

The given speed is measured in bytes/second, unless a suffix  is
appended.   Appending  'k' or 'K' will count the number as kilo-
bytes, 'm' or M' makes it megabytes, while 'g' or 'G'  makes  it
gigabytes. Examples: 200K, 3m and 1G.

If  you  also use the -Y, --speed-limit option, that option will
take precedence and might cripple the rate-limiting slightly, to
help keeping the speed-limit logic working.

If this option is used several times, the last one will be used.

--local-port <num>[-num]
       Set a preferred number or range of local port numbers to use for
       the connection(s).  Note that  port  numbers  by  nature  are  a
       scarce resource that will be busy at times so setting this range
       to something too narrow might cause unnecessary connection setup
       failures. (Added in 7.15.2)

--location-trusted
       (HTTP/HTTPS)  Like  -L,  --location,  but will allow sending the
       name + password to all hosts that the site may redirect to. This
       may or may not introduce a security breach if the site redirects
       you to a site to which  you'll  send  your  authentication  info
       (which is plaintext in the case of HTTP Basic authentication).

-m, --max-time <seconds>
       Maximum  time  in  seconds that you allow the whole operation to
       take.  This is useful for preventing your batch jobs from  hang-
       ing  for  hours due to slow networks or links going down.  Since
       7.32.0, this option accepts decimal values, but the actual time-
       out will decrease in accuracy as the specified timeout increases
       in decimal precision.  See also the --connect-timeout option.

If this option is used several times, the last one will be used.

--login-options <options>
       Specify the login options to use during server authentication.

You can use the  login  options  to  specify  protocol  specific
options  that may be used during authentication. At present only
IMAP, POP3 and SMTP support login options. For more  information
about  the  login options please see RFC 2384, RFC 5092 and IETF
draft draft-earhart-url-smtp-00.txt (Added in 7.34.0).

If this option is used several times, the last one will be used.

--mail-auth <address>
       (SMTP) Specify a single address. This will be  used  to  specify
       the  authentication  address  (identity)  of a submitted message
       that is being relayed to another server.

(Added in 7.25.0)

--mail-from <address>
       (SMTP) Specify a single address that the given mail  should  get
       sent from.

(Added in 7.20.0)

--max-filesize <bytes>
       Specify  the  maximum  size (in bytes) of a file to download. If
       the file requested is larger than this value, the transfer  will
       not start and curl will return with exit code 63.

NOTE:  The  file size is not always known prior to download, and
for such files this option has no effect even if the file trans-
fer  ends  up  being larger than this given limit. This concerns
both FTP and HTTP transfers.

--mail-rcpt <address>
       (SMTP) Specify a single address, user name or mailing list name.
       Repeat this option several times to send to multiple recipients.
       When  performing a mail transfer, the recipient should specify a
       valid email address to send the mail to. (Added in 7.20.0)

When performing an  address  verification  (VRFY  command),  the
recipient  should be specified as the user name or user name and
domain (as per Section 3.5 of RFC5321). (Added in 7.34.0)

When performing a mailing list expand (EXPN command), the recip-
ient  should  be  specified using the mailing list name, such as
"Friends" or "London-Office".  (Added in 7.34.0)

--max-redirs <num>
       Set maximum number of  redirection-followings  allowed.  If  -L,
       --location is used, this option can be used to prevent curl from
       following redirections "in absurdum". By default, the  limit  is
       set  to 50 redirections. Set this option to -1 to make it limit-
       less.

If this option is used several times, the last one will be used.

--metalink
       This option can tell curl to parse and process a  given  URI  as
       Metalink  file  (both  version 3 and 4 (RFC 5854) are supported)
       and make use of the mirrors listed within for failover if  there
       are  errors (such as the file or server not being available). It
       will also verify the hash of the file after  the  download  com-
       pletes.  The Metalink file itself is downloaded and processed in
       memory and not stored in the local file system.

Example to use a remote Metalink file:

curl --metalink http://www.example.com/example.metalink

To use a Metalink file in the local file system, use FILE proto-
col (file://):

curl --metalink file://example.metalink

Please  note  that if FILE protocol is disabled, there is no way
to use a local Metalink file at the time of this  writing.  Also
note  that  if  --metalink  and  --include  are  used  together,
--include will be ignored. This is because including headers  in
the  response  will break Metalink parser and if the headers are
included in the file described in Metalink file, hash check will
fail.

(Added in 7.27.0, if built against the libmetalink library.)

-n, --netrc
       Makes  curl  scan  the  .netrc  (_netrc  on Windows) file in the
       user's home directory for login name and password. This is typi-
       cally  used for FTP on Unix. If used with HTTP, curl will enable
       user authentication. See netrc(5) ftp(1) for details on the file
       format.  Curl  will  not  complain if that file doesn't have the
       right permissions (it should not be either world- or group-read-
       able).  The environment variable "HOME" is used to find the home
       directory.

A quick and very simple example of how  to  setup  a  .netrc  to
allow  curl to FTP to the machine host.domain.com with user name
'myself' and password 'secret' should look similar to:

machine host.domain.com login myself password secret

-N, --no-buffer
       Disables the buffering of the output stream. In normal work sit-
       uations,  curl  will  use a standard buffered output stream that
       will have the effect that it will output the data in chunks, not
       necessarily  exactly  when  the data arrives.  Using this option
       will disable that buffering.

Note that this is the negated option name  documented.  You  can
thus use --buffer to enforce the buffering.

--netrc-file
       This  option  is similar to --netrc, except that you provide the
       path (absolute or relative) to the netrc file that  Curl  should
       use.   You  can  only  specify one netrc file per invocation. If
       several --netrc-file options are provided,  only  the  last  one
       will be used.  (Added in 7.21.5)

This  option  overrides  any use of --netrc as they are mutually
exclusive.  It will also abide by --netrc-optional if specified.

--netrc-optional
       Very similar to --netrc, but this option makes the .netrc  usage
       optional and not mandatory as the --netrc option does.

--negotiate
       (HTTP) Enables Negotiate (SPNEGO) authentication.

If  you  want to enable Negotiate (SPNEGO) for proxy authentica-
tion, then use --proxy-negotiate.

This option requires a library built with GSS-API or  SSPI  sup-
port.  Use  -V,  --version  to  see  if  your curl supports GSS-
API/SSPI and SPNEGO.

When using this option, you must also provide a fake -u,  --user
option  to  activate the authentication code properly. Sending a
'-u :' is enough as the user  name  and  password  from  the  -u
option aren't actually used.

If  this  option  is  used  several times, only the first one is
used.

--no-keepalive
       Disables the use of keepalive messages on the TCP connection, as
       by default curl enables them.

Note  that  this  is the negated option name documented. You can
thus use --keepalive to enforce keepalive.

--no-sessionid
       (SSL) Disable curl's use of SSL session-ID caching.  By  default
       all  transfers are done using the cache. Note that while nothing
       should ever get hurt by attempting  to  reuse  SSL  session-IDs,
       there seem to be broken SSL implementations in the wild that may
       require you to disable this in order for you to succeed.  (Added
       in 7.16.0)

Note  that  this  is the negated option name documented. You can
thus use --sessionid to enforce session-ID caching.

--noproxy <no-proxy-list>
       Comma-separated list of hosts which do not use a proxy,  if  one
       is  specified.  The only wildcard is a single * character, which
       matches all hosts, and effectively disables the proxy. Each name
       in  this  list  is matched as either a domain which contains the
       hostname, or the hostname itself. For example,  local.com  would
       match   local.com,  local.com:80,  and  www.local.com,  but  not
       www.notlocal.com.  (Added in 7.19.4).

--connect-to <host:port:connect-to-host:connect-to-port>
       For a request to the given "host:port" pair,  connect  to  "con-
       nect-to-host:connect-to-port"  instead.   This  is  suitable  to
       direct the request at a specific  server,  e.g.  at  a  specific
       cluster  node in a cluster of servers.  This option is only used
       to establish the network connection.  It  does  NOT  affect  the
       hostname/port  that  is  used for TLS/SSL (e.g. SNI, certificate
       verification) or for  the  application  protocols.   "host"  and
       "port"  may be the empty string, meaning "any host/port".  "con-
       nect-to-host"  and  "connect-to-port"  may  also  be  the  empty
       string,  meaning  "use  the request's original host/port".  This
       option can be used many times to add many connect rules.  (Added
       in 7.49.0).

--ntlm (HTTP)  Enables  NTLM  authentication.  The  NTLM authentication
       method was designed by Microsoft and is used by IIS web servers.
       It  is a proprietary protocol, reverse-engineered by clever peo-
       ple and implemented in curl based on their efforts. This kind of
       behavior  should  not be endorsed, you should encourage everyone
       who uses NTLM to switch to a public and  documented  authentica-
       tion method instead, such as Digest.

If  you  want to enable NTLM for your proxy authentication, then
use --proxy-ntlm.

This option requires a library built with SSL support.  Use  -V,
--version to see if your curl supports NTLM.

If  this  option  is  used  several times, only the first one is
used.

--ntlm-wb
       (HTTP) Enables NTLM much in the style --ntlm does, but hand over
       the  authentication  to the separate binary ntlmauth application
       that is executed when needed.

-o, --output <file>
       Write output to <file> instead of stdout. If you are using {} or
       []  to  fetch  multiple documents, you can use '#' followed by a
       number in the <file> specifier. That variable will  be  replaced
       with the current string for the URL being fetched. Like in:

curl http://{one,two}.example.com -o "file_#1.txt"

or use several variables like:

curl http://{site,host}.host[1-5].com -o "#1_#2"

You  may use this option as many times as the number of URLs you
have. For example, if you specify two URLs on the  same  command
line, you can use it like this:

curl -o aa example.com -o bb example.net

and  the  order  of  the -o options and the URLs doesn't matter,
just that the first -o is for the first URL and so  on,  so  the
above command line can also be written as

curl example.com example.net -o aa -o bb

See  also  the --create-dirs option to create the local directo-
ries dynamically. Specifying the output as '-' (a  single  dash)
will force the output to be done to stdout.

-O, --remote-name
       Write  output to a local file named like the remote file we get.
       (Only the file part of the remote file is used, the path is  cut
       off.)

The  file will be saved in the current working directory. If you
want the file saved in a  different  directory,  make  sure  you
change  the  current working directory before invoking curl with
this option.

The remote file name to use for saving  is  extracted  from  the
given  URL,  nothing  else,  and if it already exists it will be
overwritten. If you want the server to be  able  to  choose  the
file name refer to -J, --remote-header-name which can be used in
addition to this option. If the server chooses a file  name  and
that name already exists it will not be overwritten.

There is no URL decoding done on the file name. If it has %20 or
other URL encoded parts of the name, they will end up  as-is  as
file name.

You  may use this option as many times as the number of URLs you
have.

--oauth2-bearer
       (IMAP, POP3, SMTP) Specify the Bearer Token for OAUTH 2.0 server
       authentication. The Bearer Token is used in conjunction with the
       user name which can be specified as part of  the  --url  or  -u,
       --user options.

The  Bearer  Token  and user name are formatted according to RFC
6750.

If this option is used several times, the last one will be used.

--proxy-header <header>
       (HTTP) Extra header to include in the request when sending  HTTP
       to a proxy. You may specify any number of extra headers. This is
       the equivalent option to -H, --header but is for proxy  communi-
       cation  only  like  in CONNECT requests when you want a separate
       header sent to the proxy to what is sent to  the  actual  remote
       host.

curl  will  make  sure  that each header you add/replace is sent
with the proper end-of-line marker, you should thus not add that
as a part of the header content: do not add newlines or carriage
returns, they will only mess things up for you.

Headers specified with this  option  will  not  be  included  in
requests that curl knows will not be sent to a proxy.

       This  option  can  be  used multiple times to add/replace/remove
       multiple headers.
       (Added in 7.37.0)
-p, --proxytunnel
       When an HTTP proxy is used (-x, --proxy), this option will cause
       non-HTTP  protocols  to  attempt  to  tunnel  through  the proxy
       instead of merely using it to do HTTP-like operations. The  tun-
       nel  approach  is  made  with the HTTP proxy CONNECT request and
       requires that the proxy allows direct connect to the remote port
       number curl wants to tunnel through to.

-P, --ftp-port <address>
       (FTP)  Reverses  the  default initiator/listener roles when con-
       necting with FTP. This switch makes curl  use  active  mode.  In
       practice,  curl  then  tells  the  server to connect back to the
       client's specified address and port, while passive mode asks the
       server  to  setup  an  IP address and port for it to connect to.
       <address> should be one of:

interface
       i.e "eth0" to specify which interface's  IP  address  you
       want to use (Unix only)

IP address
       i.e "192.168.10.1" to specify the exact IP address

host name
       i.e "my.host.domain" to specify the machine

Using  an  environment variable to set the proxy has the same effect as
using the --proxy option.

http_proxy [protocol://]<host>[:port]
       Sets the proxy server to use for HTTP.
HTTPS_PROXY [protocol://]<host>[:port]
       Sets the proxy server to use for HTTPS.

[url-protocol]_PROXY [protocol://]<host>[:port]
       Sets the proxy server to use for [url-protocol], where the  pro-
       tocol  is  a  protocol  that curl supports and as specified in a
       URL. FTP, FTPS, POP3, IMAP, SMTP, LDAP etc.

ALL_PROXY [protocol://]<host>[:port]
       Sets the proxy server to use if no  protocol-specific  proxy  is
       set.

NO_PROXY <comma-separated list of hosts>
       list  of  host names that shouldn't go through any proxy. If set
       to a asterisk '*' only, it matches all hosts.

If  no  protocol  is  specified  in  the  proxy string or if the string
doesn't match a supported one, the proxy will be  treated  as  an  HTTP
proxy.

The supported proxy protocol prefixes are as follows:

socks4://
       Makes it the equivalent of --socks4

socks4a://
       Makes it the equivalent of --socks4a

socks5://
       Makes it the equivalent of --socks5

socks5h://
       Makes it the equivalent of --socks5-hostname

1      Unsupported protocol. This build of curl has no support for this
       protocol.

2      Failed to initialize.

3      URL malformed. The syntax was not correct.

4      A feature or option that  was  needed  to  perform  the  desired
       request  was  not  enabled  or was explicitly disabled at build-
       time. To make curl able to do this, you  probably  need  another
       build of libcurl!

5      Couldn't  resolve  proxy.  The  given  proxy  host  could not be
       resolved.

6      Couldn't resolve host. The given remote host was not resolved.

7      Failed to connect to host.

8      Weird server reply. The server sent data curl couldn't parse.

9      FTP access denied. The server denied login or denied  access  to
       the  particular  resource or directory you wanted to reach. Most
       often you tried to change to a directory that doesn't  exist  on
       the server.

11     FTP  weird PASS reply. Curl couldn't parse the reply sent to the
       PASS request.

13     FTP weird PASV reply, Curl couldn't parse the reply sent to  the
       PASV request.

14     FTP  weird  227  format.  Curl  couldn't  parse the 227-line the
       server sent.

15     FTP can't get host. Couldn't resolve the host IP we got  in  the
       227-line.

17     FTP  couldn't  set  binary.  Couldn't  change transfer method to
       binary.

18     Partial file. Only a part of the file was transferred.

19     FTP couldn't download/access the given file, the RETR (or  simi-
       lar) command failed.

21     FTP quote error. A quote command returned error from the server.
22     HTTP  page  not  retrieved.  The  requested url was not found or
       returned another error with the HTTP error  code  being  400  or
       above. This return code only appears if -f, --fail is used.

23     Write  error.  Curl couldn't write data to a local filesystem or
       similar.

25     FTP couldn't STOR file. The server denied  the  STOR  operation,
       used for FTP uploading.

26     Read error. Various reading problems.

27     Out of memory. A memory allocation request failed.

28     Operation  timeout.  The  specified  time-out period was reached
       according to the conditions.

30     FTP PORT failed. The PORT command failed. Not  all  FTP  servers
       support  the  PORT  command,  try  doing  a  transfer using PASV
       instead!

31     FTP couldn't use REST. The REST command failed. This command  is
       used for resumed FTP transfers.

33     HTTP range error. The range "command" didn't work.

34     HTTP post error. Internal post-request generation error.

35     SSL connect error. The SSL handshaking failed.

36     FTP  bad  download  resume. Couldn't continue an earlier aborted
       download.

37     FILE couldn't read file. Failed to open the file. Permissions?

38     LDAP cannot bind. LDAP bind operation failed.

39     LDAP search failed.

41     Function not found. A required LDAP function was not found.

42     Aborted by callback. An application told curl to abort the oper-
       ation.

43     Internal error. A function was called with a bad parameter.

45     Interface  error.  A  specified  outgoing interface could not be
       used.

47     Too many redirects. When following redirects, curl hit the maxi-
       mum amount.

48     Unknown  option  specified  to  libcurl. This indicates that you
       passed a weird option to curl that was passed on to libcurl  and
       rejected. Read up in the manual!

49     Malformed telnet option.

51     The peer's SSL certificate or SSH MD5 fingerprint was not OK.

52     The  server  didn't  reply anything, which here is considered an
       error.

53     SSL crypto engine not found.

54     Cannot set SSL crypto engine as default.

55     Failed sending network data.

56     Failure in receiving network data.

58     Problem with the local certificate.

59     Couldn't use specified SSL cipher.

60     Peer certificate cannot be authenticated with known CA  certifi-
       cates.

61     Unrecognized transfer encoding.

62     Invalid LDAP URL.

63     Maximum file size exceeded.

64     Requested FTP SSL level failed.

65     Sending the data requires a rewind that failed.

66     Failed to initialise SSL Engine.

67     The  user  name,  password, or similar was not accepted and curl
       failed to log in.

68     File not found on TFTP server.

69     Permission problem on TFTP server.

70     Out of disk space on TFTP server.

71     Illegal TFTP operation.

72     Unknown TFTP transfer ID.

73     File already exists (TFTP).

74     No such user (TFTP).

75     Character conversion failed.

76     Character conversion functions required.

77     Problem with reading the SSL CA cert (path? access rights?).

78     The resource referenced in the URL does not exist.

79     An unspecified error occurred during the SSH session.

80     Failed to shut down the SSL connection.

82     Could not load CRL file,  missing  or  wrong  format  (added  in
       7.19.0).

83     Issuer check failed (added in 7.19.0).

84     The FTP PRET command failed

85     RTSP: mismatch of CSeq numbers

86     RTSP: mismatch of Session Identifiers

87     unable to parse FTP file list

88     FTP chunk callback reported error

89     No connection available, the session will be queued

90     SSL public key does not matched pinned public key

XX     More error codes will appear here in future releases. The exist-
       ing ones are meant to never change.

You always find news about what's going on as well as the latest versions
from the curl web pages, located at:

https://curl.haxx.se

Get the main page from Netscape's web-server:

curl http://www.netscape.com/

Get the README file the user's home directory at funet's ftp-server:

curl ftp://ftp.funet.fi/README

Get a web page from a server using port 8000:

curl http://www.weirdserver.com:8000/

Get a directory listing of an FTP site:

curl ftp://cool.haxx.se/

Get the definition of curl from a dictionary:

curl dict://dict.org/m:curl

Fetch two documents at once:

curl ftp://cool.haxx.se/ http://www.weirdserver.com:8000/

Get a file off an FTPS server:

curl ftps://files.are.secure.com/secrets.txt

or use the more appropriate FTPS way to get the same file:

curl --ftp-ssl ftp://files.are.secure.com/secrets.txt

Get a file from an SSH server using SFTP:

curl -u username sftp://example.com/etc/issue

Get a file from an SSH server using SCP using a private key
(not password-protected) to authenticate:

curl -u username: --key ~/.ssh/id_rsa \
     scp://example.com/~/file.txt

Get a file from an SSH server using SCP using a private key
(password-protected) to authenticate:

curl -u username: --key ~/.ssh/id_rsa --pass private_key_password \
     scp://example.com/~/file.txt

Get the main page from an IPv6 web server:

curl "http://[2001:1890:1112:1::20]/"

Get a file from an SMB server:

curl -u "domain\username:passwd" smb://server.example.com/share/file.txt

Get a web page and store in a local file with a specific name:

curl -o thatpage.html http://www.netscape.com/

Get a web page and store in a local file, make the local file get the name
of the remote document (if no file name part is specified in the URL, this
will fail):

curl -O http://www.netscape.com/index.html

Fetch two files and store them with their remote names:

curl -O www.haxx.se/index.html -O curl.haxx.se/download.html

FTP

To ftp files using name+passwd, include them in the URL like:

curl ftp://name:[email protected]:port/full/path/to/file

or specify them with the -u flag like

curl -u name:passwd ftp://machine.domain:port/full/path/to/file

FTPS

It is just like for FTP, but you may also want to specify and use
SSL-specific options for certificates etc.

Note that using FTPS:// as prefix is the "implicit" way as described in the
standards while the recommended "explicit" way is done by using FTP:// and
the --ftp-ssl option.

SFTP / SCP

This is similar to FTP, but you can use the --key option to specify a
private key to use instead of a password. Note that the private key may
itself be protected by a password that is unrelated to the login password
of the remote system; this password is specified using the --pass option.
Typically, curl will automatically extract the public key from the private
key file, but in cases where curl does not have the proper library support,
a matching public key file must be specified using the --pubkey option.

HTTP

Curl also supports user and password in HTTP URLs, thus you can pick a file
like:

curl http://name:[email protected]/full/path/to/file

or specify user and password separately like in

curl -u name:passwd http://machine.domain/full/path/to/file

HTTP offers many different methods of authentication and curl supports
several: Basic, Digest, NTLM and Negotiate (SPNEGO). Without telling which
method to use, curl defaults to Basic. You can also ask curl to pick the
most secure ones out of the ones that the server accepts for the given URL,
by using --anyauth.

NOTE! According to the URL specification, HTTP URLs can not contain a user
and password, so that style will not work when using curl via a proxy, even
though curl allows it at other times. When using a proxy, you _must_ use
the -u style for user and password.

HTTPS

Probably most commonly used with private certificates, as explained below.

curl supports both HTTP and SOCKS proxy servers, with optional authentication.
It does not have special support for FTP proxy servers since there are no
standards for those, but it can still be made to work with many of them. You
can also use both HTTP and SOCKS proxies to transfer files to and from FTP
servers.

Get an ftp file using an HTTP proxy named my-proxy that uses port 888:

curl -x my-proxy:888 ftp://ftp.leachsite.com/README

Get a file from an HTTP server that requires user and password, using the
same proxy as above:

curl -u user:passwd -x my-proxy:888 http://www.get.this/

Some proxies require special authentication. Specify by using -U as above:

curl -U user:passwd -x my-proxy:888 http://www.get.this/

A comma-separated list of hosts and domains which do not use the proxy can
be specified as:

curl --noproxy localhost,get.this -x my-proxy:888 http://www.get.this/

If the proxy is specified with --proxy1.0 instead of --proxy or -x, then
curl will use HTTP/1.0 instead of HTTP/1.1 for any CONNECT attempts.

curl also supports SOCKS4 and SOCKS5 proxies with --socks4 and --socks5.

See also the environment variables Curl supports that offer further proxy
control.

Most FTP proxy servers are set up to appear as a normal FTP server from the
client's perspective, with special commands to select the remote FTP server.
curl supports the -u, -Q and --ftp-account options that can be used to
set up transfers through many FTP proxies. For example, a file can be
uploaded to a remote FTP server using a Blue Coat FTP proxy with the
options:

curl -u "[email protected] Proxy-Username:Remote-Pass" \
 --ftp-account Proxy-Password --upload-file local-file \
 ftp://my-ftp.proxy.server:21/remote/upload/path/

See the manual for your FTP proxy to determine the form it expects to set up
transfers, and curl's -v option to see exactly what curl is sending.

HTTP 1.1 introduced byte-ranges. Using this, a client can request
to get only one or more subparts of a specified document. Curl supports
this with the -r flag.

Get the first 100 bytes of a document:

curl -r 0-99 http://www.get.this/

Get the last 500 bytes of a document:

curl -r -500 http://www.get.this/

Curl also supports simple ranges for FTP files as well. Then you can only
specify start and stop position.

Get the first 100 bytes of a document using FTP:

curl -r 0-99 ftp://www.get.this/README

FTP / FTPS / SFTP / SCP

Upload all data on stdin to a specified server:

curl -T - ftp://ftp.upload.com/myfile

Upload data from a specified file, login with user and password:

curl -T uploadfile -u user:passwd ftp://ftp.upload.com/myfile

Upload a local file to the remote site, and use the local file name at the remote
site too:

curl -T uploadfile -u user:passwd ftp://ftp.upload.com/

Upload a local file to get appended to the remote file:

curl -T localfile -a ftp://ftp.upload.com/remotefile

Curl also supports ftp upload through a proxy, but only if the proxy is
configured to allow that kind of tunneling. If it does, you can run curl in
a fashion similar to:

curl --proxytunnel -x proxy:port -T localfile ftp.upload.com

curl -T file.txt -u "domain\username:passwd"
 smb://server.example.com/share/

HTTP

Upload all data on stdin to a specified HTTP site:

curl -T - http://www.upload.com/myfile

Note that the HTTP server must have been configured to accept PUT before
this can be done successfully.

For other ways to do HTTP data upload, see the POST section below.

If curl fails where it isn't supposed to, if the servers don't let you in,
if you can't understand the responses: use the -v flag to get verbose
fetching. Curl will output lots of info and what it sends and receives in
order to let the user see all client-server interaction (but it won't show
you the actual data).

curl -v ftp://ftp.upload.com/

To get even more details and information on what curl does, try using the
--trace or --trace-ascii options with a given file name to log to, like
this:

curl --trace trace.txt www.haxx.se

Different protocols provide different ways of getting detailed information
about specific files/documents. To get curl to show detailed information
about a single file, you should use -I/--head option. It displays all
available info on a single file for HTTP and FTP. The HTTP information is a
lot more extensive.

For HTTP, you can get the header information (the same as -I would show)
shown before the data by using -i/--include. Curl understands the
-D/--dump-header option when getting files from both FTP and HTTP, and it
will then store the headers in the specified file.

Store the HTTP headers in a separate file (headers.txt in the example):

curl --dump-header headers.txt curl.haxx.se

Note that headers stored in a separate file can be very useful at a later
time if you want curl to use cookies sent by the server. More about that in
the cookies section.

It's easy to post data using curl. This is done using the -d <data>
option.  The post data must be urlencoded.

Post a simple "name" and "phone" guestbook.

curl -d "name=Rafael%20Sagula&phone=3320780" \
        http://www.where.com/guest.cgi

How to post a form with curl, lesson #1:

Dig out all the <input> tags in the form that you want to fill in. (There's
a perl program called formfind.pl on the curl site that helps with this).

If there's a "normal" post, you use -d to post. -d takes a full "post
string", which is in the format

<variable1>=<data1>&<variable2>=<data2>&...

The 'variable' names are the names set with "name=" in the <input> tags, and
the data is the contents you want to fill in for the inputs. The data *must*
be properly URL encoded. That means you replace space with + and that you
replace weird letters with %XX where XX is the hexadecimal representation of
the letter's ASCII code.

Example:

(page located at http://www.formpost.com/getthis/

<form action="post.cgi" method="post">
<input name=user size=10>
<input name=pass type=password size=10>
<input name=id type=hidden value="blablabla">
<input name=ding value="submit">
</form>

We want to enter user 'foobar' with password '12345'.

To post to this, you enter a curl command line like:

curl -d "user=foobar&pass=12345&id=blablabla&ding=submit"  (continues)
  http://www.formpost.com/getthis/post.cgi

While -d uses the application/x-www-form-urlencoded mime-type, generally
understood by CGI's and similar, curl also supports the more capable
multipart/form-data type. This latter type supports things like file upload.

-F accepts parameters like -F "name=contents". If you want the contents to
be read from a file, use <@filename> as contents. When specifying a file,
you can also specify the file content type by appending ';type=<mime type>'
to the file name. You can also post the contents of several files in one
field.  For example, the field name 'coolfiles' is used to send three files,
with different content types using the following syntax:

curl -F "[email protected];type=image/gif,fil2.txt,fil3.html" \
http://www.post.com/postit.cgi

If the content-type is not specified, curl will try to guess from the file
extension (it only knows a few), or use the previously specified type (from
an earlier file if several files are specified in a list) or else it will
use the default type 'application/octet-stream'.

Emulate a fill-in form with -F. Let's say you fill in three fields in a
form. One field is a file name which to post, one field is your name and one
field is a file description. We want to post the file we have written named
"cooltext.txt". To let curl do the posting of this data instead of your
favourite browser, you have to read the HTML source of the form page and
find the names of the input fields. In our example, the input field names
are 'file', 'yourname' and 'filedescription'.

curl -F "[email protected]" -F "yourname=Daniel" \
     -F "filedescription=Cool text file with cool text inside" \
     http://www.post.com/postit.cgi

To send two files in one post you can do it in two ways:

An HTTP request has the option to include information about which address
referred it to the actual page.  Curl allows you to specify the
referrer to be used on the command line. It is especially useful to
fool or trick stupid servers or CGI scripts that rely on that information
being available or contain certain data.

curl -e www.coolsite.com http://www.showme.com/

NOTE: The Referer: [sic] field is defined in the HTTP spec to be a full URL.

An HTTP request has the option to include information about the browser
that generated the request. Curl allows it to be specified on the command
line. It is especially useful to fool or trick stupid servers or CGI
scripts that only accept certain browsers.

Example:

curl -A 'Mozilla/3.0 (Win95; I)' http://www.nationsbank.com/

Other common strings:
  'Mozilla/3.0 (Win95; I)'     Netscape Version 3 for Windows 95
  'Mozilla/3.04 (Win95; U)'    Netscape Version 3 for Windows 95
  'Mozilla/2.02 (OS/2; U)'     Netscape Version 2 for OS/2
  'Mozilla/4.04 [en] (X11; U; AIX 4.2; Nav)'           NS for AIX
  'Mozilla/4.05 [en] (X11; U; Linux 2.0.32 i586)'      NS for Linux

Note that Internet Explorer tries hard to be compatible in every way:
  'Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)'    MSIE for W95

Mozilla is not the only possible User-Agent name:
  'Konqueror/1.0'             KDE File Manager desktop client
  'Lynx/2.7.1 libwww-FM/2.14' Lynx command line browser

Cookies are generally used by web servers to keep state information at the
client's side. The server sets cookies by sending a response line in the
headers that looks like 'Set-Cookie: <data>' where the data part then
typically contains a set of NAME=VALUE pairs (separated by semicolons ';'
like "NAME1=VALUE1; NAME2=VALUE2;"). The server can also specify for what
path the "cookie" should be used for (by specifying "path=value"), when the
cookie should expire ("expire=DATE"), for what domain to use it
("domain=NAME") and if it should be used on secure connections only
("secure").

If you've received a page from a server that contains a header like:
      Set-Cookie: sessionid=boo123; path="/foo";

it means the server wants that first pair passed on when we get anything in
a path beginning with "/foo".

Example, get a page that wants my name passed in a cookie:

curl -b "name=Daniel" www.sillypage.com

Curl also has the ability to use previously received cookies in following
sessions. If you get cookies from a server and store them in a file in a
manner similar to:

curl --dump-header headers www.example.com

The progress meter exists to show a user that something actually is
happening. The different fields in the output have the following meaning:

% Total    % Received % Xferd  Average Speed          Time             Curr.
                               Dload  Upload Total    Current  Left    Speed
0  151M    0 38608    0     0   9406      0  4:41:43  0:00:04  4:41:39  9287

From left-to-right:
 %             - percentage completed of the whole transfer
 Total         - total size of the whole expected transfer
 %             - percentage completed of the download
 Received      - currently downloaded amount of bytes
 %             - percentage completed of the upload
 Xferd         - currently uploaded amount of bytes
 Average Speed
 Dload         - the average transfer speed of the download
 Average Speed
 Upload        - the average transfer speed of the upload
 Time Total    - expected time to complete the operation
 Time Current  - time passed since the invoke
 Time Left     - expected time left to completion
 Curr.Speed    - the average transfer speed the last 5 seconds (the first
                 5 seconds of a transfer is based on less time of course.)

The -# option will display a totally different progress bar that doesn't
need much explanation!

Curl allows the user to set the transfer speed conditions that must be met
to let the transfer keep going. By using the switch -y and -Y you
can make curl abort transfers if the transfer speed is below the specified
lowest limit for a specified time.

To have curl abort the download if the speed is slower than 3000 bytes per
second for 1 minute, run:

curl -Y 3000 -y 60 www.far-away-site.com

This can very well be used in combination with the overall time limit, so
that the above operation must be completed in whole within 30 minutes:

curl -m 1800 -Y 3000 -y 60 www.far-away-site.com

Forcing curl not to transfer data faster than a given rate is also possible,
which might be useful if you're using a limited bandwidth connection and you
don't want your transfer to use all of it (sometimes referred to as
"bandwidth throttle").

Make curl transfer data no faster than 10 kilobytes per second:

curl --limit-rate 10K www.far-away-site.com

or

curl --limit-rate 10240 www.far-away-site.com

Or prevent curl from uploading data faster than 1 megabyte per second:

curl -T upload --limit-rate 1M ftp://uploadshereplease.com

When using the --limit-rate option, the transfer rate is regulated on a
per-second basis, which will cause the total transfer speed to become lower
than the given number. Sometimes of course substantially lower, if your
transfer stalls during periods.

Curl automatically tries to read the .curlrc file (or _curlrc file on win32
systems) from the user's home dir on startup.

The config file could be made up with normal command line switches, but you
can also specify the long options without the dashes to make it more
readable. You can separate the options and the parameter with spaces, or
with = or :. Comments can be used within the file. If the first letter on a
line is a '#'-symbol the rest of the line is treated as a comment.

If you want the parameter to contain spaces, you must enclose the entire
parameter within double quotes ("). Within those quotes, you specify a
quote as \".

NOTE: You must specify options and their arguments on the same line.

Example, set default time out and proxy in a config file:

# We want a 30 minute timeout:
-m 1800
# ... and we use a proxy for all accesses:
proxy = proxy.our.domain.com:8080

White spaces ARE significant at the end of lines, but all white spaces
leading up to the first characters of each line are ignored.

Prevent curl from reading the default file by using -q as the first command
line parameter, like:

curl -q www.thatsite.com

Force curl to get and display a local help page in case it is invoked
without URL by making a config file similar to:

# default url to get
url = "http://help.with.curl.com/curlhelp.html"

You can specify another config file to be read by using the -K/--config
flag. If you set config file name to "-" it'll read the config from stdin,
which can be handy if you want to hide options from being visible in process
tables etc:

echo "user = user:passwd" | curl -K - http://that.secret.site.com

When using curl in your own very special programs, you may end up needing
to pass on your own custom headers when getting a web page. You can do
this by using the -H flag.

Example, send the header "X-you-and-me: yes" to the server when getting a
page:

curl -H "X-you-and-me: yes" www.love.com

This can also be useful in case you want curl to send a different text in a
header than it normally does. The -H header you specify then replaces the
header curl would normally send. If you replace an internal header with an
empty one, you prevent that header from being sent. To prevent the Host:
header from being used:

curl -H "Host:" www.server.com

Do note that when getting files with the ftp:// URL, the given path is
relative the directory you enter. To get the file 'README' from your home
directory at your ftp site, do:

curl ftp://user:[email protected]/README

But if you want the README file from the root directory of that very same
site, you need to specify the absolute file name:

curl ftp://user:[email protected]//README

(I.e with an extra slash in front of the file name.)

With sftp: and scp: URLs, the path name given is the absolute name on the
server. To access a file relative to the remote user's home directory,
prefix the file with /~/ , such as:

curl -u $USER sftp://home.example.com/~/.bashrc

The FTP protocol requires one of the involved parties to open a second
connection as soon as data is about to get transferred. There are two ways to
do this.

The default way for curl is to issue the PASV command which causes the
server to open another port and await another connection performed by the
client. This is good if the client is behind a firewall that doesn't allow
incoming connections.

curl ftp.download.com

If the server, for example, is behind a firewall that doesn't allow connections
on ports other than 21 (or if it just doesn't support the PASV command), the
other way to do it is to use the PORT command and instruct the server to
connect to the client on the given IP number and port (as parameters to the
PORT command).

The -P flag to curl supports a few different options. Your machine may have
several IP-addresses and/or network interfaces and curl allows you to select
which of them to use. Default address can also be used:

curl -P - ftp.download.com

Download with PORT but use the IP address of our 'le0' interface (this does
not work on windows):

curl -P le0 ftp.download.com

Download with PORT but use 192.168.0.10 as our IP address to use:

curl -P 192.168.0.10 ftp.download.com

Get a web page from a server using a specified port for the interface:

curl --interface eth0:1 http://www.netscape.com/

or

curl --interface 192.168.1.10 http://www.netscape.com/

Secure HTTP requires SSL libraries to be installed and used when curl is
built. If that is done, curl is capable of retrieving and posting documents
using the HTTPS protocol.

Example:

curl https://www.secure-site.com

Curl is also capable of using your personal certificates to get/post files
from sites that require valid certificates. The only drawback is that the
certificate needs to be in PEM-format. PEM is a standard and open format to
store certificates with, but it is not used by the most commonly used
browsers (Netscape and MSIE both use the so called PKCS#12 format). If you
want curl to use the certificates you use with your (favourite) browser, you
may need to download/compile a converter that can convert your browser's
formatted certificates to PEM formatted ones. This kind of converter is
included in recent versions of OpenSSL, and for older versions Dr Stephen
N. Henson has written a patch for SSLeay that adds this functionality. You
can get his patch (that requires an SSLeay installation) from his site at:
http://www.drh-consultancy.demon.co.uk/

Example on how to automatically retrieve a document using a certificate with
a personal password:

curl -E /path/to/cert.pem:password https://secure.site.com/

If you neglect to specify the password on the command line, you will be
prompted for the correct password before any data can be received.

Many older SSL-servers have problems with SSLv3 or TLS, which newer versions
of OpenSSL etc use, therefore it is sometimes useful to specify what
SSL-version curl should use. Use -3, -2 or -1 to specify that exact SSL
version to use (for SSLv3, SSLv2 or TLSv1 respectively):

curl -2 https://secure.site.com/

Otherwise, curl will first attempt to use v3 and then v2.

To use OpenSSL to convert your favourite browser's certificate into a PEM
formatted one that curl can use, do something like this:

In Netscape, you start with hitting the 'Security' menu button.

Select 'certificates->yours' and then pick a certificate in the list

Press the 'Export' button

enter your PIN code for the certs

select a proper place to save it

Run the 'openssl' application to convert the certificate. If you cd to the
openssl installation, you can do it like:

# ./apps/openssl pkcs12 -in [file you saved] -clcerts -out [PEMfile]

In Firefox, select Options, then Advanced, then the Encryption tab,
View Certificates. This opens the Certificate Manager, where you can
Export. Be sure to select PEM for the Save as type.

In Internet Explorer, select Internet Options, then the Content tab, then
Certificates. Then you can Export, and depending on the format you may
need to convert to PEM.

In Chrome, select Settings, then Show Advanced Settings. Under HTTPS/SSL
select Manage Certificates.

To continue a file transfer where it was previously aborted, curl supports
resume on HTTP(S) downloads as well as FTP uploads and downloads.

Continue downloading a document:

curl -C - -o file ftp://ftp.server.com/path/file

Continue uploading a document(*1):

curl -C - -T file ftp://ftp.server.com/path/file

Continue downloading a document from a web server(*2):

curl -C - -o file http://www.server.com/

(*1) = This requires that the FTP server supports the non-standard command
       SIZE. If it doesn't, curl will say so.

(*2) = This requires that the web server supports at least HTTP/1.1. If it
       doesn't, curl will say so.

HTTP allows a client to specify a time condition for the document it
requests. It is If-Modified-Since or If-Unmodified-Since. Curl allows you to
specify them with the -z/--time-cond flag.

For example, you can easily make a download that only gets performed if the
remote file is newer than a local copy. It would be made like:

curl -z local.html http://remote.server.com/remote.html

Or you can download a file only if the local file is newer than the remote
one. Do this by prepending the date string with a '-', as in:

curl -z -local.html http://remote.server.com/remote.html

You can specify a "free text" date as condition. Tell curl to only download
the file if it was updated since January 12, 2012:

curl -z "Jan 12 2012" http://remote.server.com/remote.html

Curl will then accept a wide range of date formats. You always make the date
check the other way around by prepending it with a dash '-'.

For fun try

curl dict://dict.org/m:curl
curl dict://dict.org/d:heisenbug:jargon
curl dict://dict.org/d:daniel:web1913

Aliases for 'm' are 'match' and 'find', and aliases for 'd' are 'define'
and 'lookup'. For example,

curl dict://dict.org/find:curl

Commands that break the URL description of the RFC (but not the DICT
protocol) are

curl dict://dict.org/show:db
curl dict://dict.org/show:strat

Authentication is still missing (but this is not required by the RFC)

If you have installed the OpenLDAP library, curl can take advantage of it
and offer ldap:// support.

LDAP is a complex thing and writing an LDAP query is not an easy task. I do
advise you to dig up the syntax description for that elsewhere. One such
place might be:

RFC 2255, "The LDAP URL Format" https://curl.haxx.se/rfc/rfc2255.txt

To show you an example, this is how I can get all people from my local LDAP
server that has a certain sub-domain in their email address:

curl -B "ldap://ldap.frontec.se/o=frontec??sub?mail=*sth.frontec.se"

If I want the same info in HTML format, I can get it by not using the -B
(enforce ASCII) flag.

Curl reads and understands the following environment variables:

http_proxy, HTTPS_PROXY, FTP_PROXY

They should be set for protocol-specific proxies. General proxy should be
set with

ALL_PROXY

A comma-separated list of host names that shouldn't go through any proxy is
set in (only an asterisk, '*' matches all hosts)

NO_PROXY

If the host name matches one of these strings, or the host is within the
domain of one of these strings, transactions with that node will not be
proxied.

The usage of the -x/--proxy flag overrides the environment variables.

Unix introduced the .netrc concept a long time ago. It is a way for a user
to specify name and password for commonly visited FTP sites in a file so
that you don't have to type them in each time you visit those sites. You
realize this is a big security risk if someone else gets hold of your
passwords, so therefore most unix programs won't read this file unless it is
only readable by yourself (curl doesn't care though).

Curl supports .netrc files if told to (using the -n/--netrc and
--netrc-optional options). This is not restricted to just FTP,
so curl can use it for all protocols where authentication is used.

A very simple .netrc file could look something like:

machine curl.haxx.se login iamdaniel password mysecret

To better allow script programmers to get to know about the progress of
curl, the -w/--write-out option was introduced. Using this, you can specify
what information from the previous transfer you want to extract.

To display the amount of bytes downloaded together with some text and an
ending newline:

curl -w 'We downloaded %{size_download} bytes\n' www.download.com

Curl supports kerberos4 and kerberos5/GSSAPI for FTP transfers. You need
the kerberos package installed and used at curl build time for it to be
available.

First, get the krb-ticket the normal way, like with the kinit/kauth tool.
Then use curl in way similar to:

curl --krb private ftp://krb4site.com -u username:fakepwd

There's no use for a password on the -u switch, but a blank one will make
curl ask for one and you already entered the real password to kinit/kauth.

The curl telnet support is basic and very easy to use. Curl passes all data
passed to it on stdin to the remote server. Connect to a remote telnet
server using a command line similar to:

curl telnet://remote.server.com

And enter the data to pass to the server on stdin. The result will be sent
to stdout or to the file you specify with -o.

You might want the -N/--no-buffer option to switch off the buffered output
for slow connections or similar.

Pass options to the telnet protocol negotiation, by using the -t option. To
tell the server we use a vt100 terminal, try something like:

curl -tTTYPE=vt100 telnet://remote.server.com

Other interesting options for it -t include:

Specifying multiple files on a single command line will make curl transfer
all of them, one after the other in the specified order.

libcurl will attempt to use persistent connections for the transfers so that
the second transfer to the same host can use the same connection that was
already initiated and was left open in the previous transfer. This greatly
decreases connection time for all but the first transfer and it makes a far
better use of the network.

Note that curl cannot use persistent connections for transfers that are used
in subsequence curl invokes. Try to stuff as many URLs as possible on the
same command line if they are using the same host, as that'll make the
transfers faster. If you use an HTTP proxy for file transfers, practically
all transfers will be persistent.

As is mentioned above, you can download multiple files with one command line
by simply adding more URLs. If you want those to get saved to a local file
instead of just printed to stdout, you need to add one save option for each
URL you specify. Note that this also goes for the -O option (but not
--remote-name-all).

For example: get two files and use -O for the first and a custom file
name for the second:

curl -O http://url.com/file.txt ftp://ftp.com/moo.exe -o moo.jpg

You can also upload multiple files in a similar fashion:

curl -T local1 ftp://ftp.com/moo.exe -T local2 ftp://ftp.com/moo2.txt

curl will connect to a server with IPv6 when a host lookup returns an IPv6
address and fall back to IPv4 if the connection fails. The --ipv4 and --ipv6
options can specify which address to use when both are available. IPv6
addresses can also be specified directly in URLs using the syntax:

http://[2001:1890:1112:1::20]/overview.html

When this style is used, the -g option must be given to stop curl from
interpreting the square brackets as special globbing characters.  Link local
and site local addresses including a scope identifier, such as fe80::1234%1,
may also be used, but the scope portion must be numeric or match an existing
network interface on Linux and the percent character must be URL escaped. The
previous example in an SFTP URL might look like:

sftp://[fe80::1234%251]/

IPv6 addresses provided other than in URLs (e.g. to the --proxy, --interface
or --ftp-port options) should not be URL encoded.

Curl supports Metalink (both version 3 and 4 (RFC 5854) are supported), a way
to list multiple URIs and hashes for a file. Curl will make use of the mirrors
listed within for failover if there are errors (such as the file or server not
being available). It will also verify the hash of the file after the download
completes. The Metalink file itself is downloaded and processed in memory and
not stored in the local file system.

Example to use a remote Metalink file:

curl --metalink http://www.example.com/example.metalink

To use a Metalink file in the local file system, use FILE protocol (file://):

curl --metalink file://example.metalink

Please note that if FILE protocol is disabled, there is no way to use a local
Metalink file at the time of this writing. Also note that if --metalink and
--include are used together, --include will be ignored. This is because including
headers in the response will break Metalink parser and if the headers are included
in the file described in Metalink file, hash check will fail.

For your convenience, we have several open mailing lists to discuss curl,
its development and things relevant to this. Get all info at
https://curl.haxx.se/mail/. Some of the lists available are:

curl-users

Users of the command line tool. How to use it, what doesn't work, new
features, related tools, questions, news, installations, compilations,
running, porting etc.

curl-library

Developers using or developing libcurl. Bugs, extensions, improvements.

curl-announce

Low-traffic. Only receives announcements of new public versions. At worst,
that makes something like one or two mails per month, but usually only one
mail every second month.

curl-and-php

Using the curl functions in PHP. Everything curl with a PHP angle. Or PHP
with a curl angle.

curl-and-python

Python hackers using curl with or without the python binding pycurl.

Please direct curl questions, feature requests and trouble reports to one of
these mailing lists instead of mailing any individual.