1curl(1) Curl Manual curl(1)
2
6 curl - transfer a URL
7
9 curl [options / URLs]
10
12 curl is a tool to transfer data from or to a server, using one of the
13 supported protocols (DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP,
14 IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMB, SMBS,
15 SMTP, SMTPS, TELNET and TFTP). The command is designed to work without
16 user interaction.
17 curl offers a busload of useful tricks like proxy support, user authen‐
19 tication, FTP upload, HTTP post, SSL connections, cookies, file trans‐
20 fer resume, Metalink, and more. As you will see below, the number of
21 features will make your head spin!
22 curl is powered by libcurl for all transfer-related features. See
24 libcurl(3) for details.
25
27 The URL syntax is protocol-dependent. You'll find a detailed descrip‐
28 tion in RFC 3986.
29 You can specify multiple URLs or parts of URLs by writing part sets
31 within braces as in:
32 http://site.{one,two,three}.com
34 or you can get sequences of alphanumeric series by using [] as in:
36 ftp://ftp.example.com/file[1-100].txt
38 ftp://ftp.example.com/file[001-100].txt (with leading zeros)
40 ftp://ftp.example.com/file[a-z].txt
42 Nested sequences are not supported, but you can use several ones next
44 to each other:
45 http://example.com/archive[1996-1999]/vol[1-4]/part{a,b,c}.html
47 You can specify any amount of URLs on the command line. They will be
49 fetched in a sequential manner in the specified order. You can specify
50 command line options and URLs mixed and in any order on the command
51 line.
52 You can specify a step counter for the ranges to get every Nth number
54 or letter:
55 http://example.com/file[1-100:10].txt
57 http://example.com/file[a-z:2].txt
59 When using [] or {} sequences when invoked from a command line prompt,
61 you probably have to put the full URL within double quotes to avoid the
62 shell from interfering with it. This also goes for other characters
63 treated special, like for example '&', '?' and '*'.
64 Provide the IPv6 zone index in the URL with an escaped percentage sign
66 and the interface name. Like in
67 http://[fe80::3%25eth0]/
69 If you specify URL without protocol:// prefix, curl will attempt to
71 guess what protocol you might want. It will then default to HTTP but
72 try other protocols based on often-used host name prefixes. For exam‐
73 ple, for host names starting with "ftp." curl will assume you want to
74 speak FTP.
75 curl will do its best to use what you pass to it as a URL. It is not
77 trying to validate it as a syntactically correct URL by any means but
78 is instead very liberal with what it accepts.
79 curl will attempt to re-use connections for multiple file transfers, so
81 that getting many files from the same server will not do multiple con‐
82 nects / handshakes. This improves speed. Of course this is only done on
83 files specified on a single command line and cannot be used between
84 separate curl invokes.
85
87 curl normally displays a progress meter during operations, indicating
88 the amount of transferred data, transfer speeds and estimated time
89 left, etc. The progress meter displays number of bytes and the speeds
90 are in bytes per second. The suffixes (k, M, G, T, P) are 1024 based.
91 For example 1k is 1024 bytes. 1M is 1048576 bytes.
92 curl displays this data to the terminal by default, so if you invoke
94 curl to do an operation and it is about to write data to the terminal,
95 it disables the progress meter as otherwise it would mess up the output
96 mixing progress meter and response data.
97 If you want a progress meter for HTTP POST or PUT requests, you need to
99 redirect the response output to a file, using shell redirect (>), -o,
100 --output or similar.
101 It is not the same case for FTP upload as that operation does not spit
103 out any response data to the terminal.
104 If you prefer a progress "bar" instead of the regular meter, -#,
106 --progress-bar is your friend. You can also disable the progress meter
107 completely with the -s, --silent option.
108
110 Options start with one or two dashes. Many of the options require an
111 additional value next to them.
112 The short "single-dash" form of the options, -d for example, may be
114 used with or without a space between it and its value, although a space
115 is a recommended separator. The long "double-dash" form, -d, --data for
116 example, requires a space between it and its value.
117 Short version options that don't need any additional values can be used
119 immediately next to each other, like for example you can specify all
120 the options -O, -L and -v at once as -OLv.
121 In general, all boolean options are enabled with --option and yet again
123 disabled with --no-option. That is, you use the exact same option name
124 but prefix it with "no-". However, in this list we mostly only list and
125 show the --option version of them. (This concept with --no options was
126 added in 7.19.0. Previously most options were toggled on/off on
127 repeated use of the same command line option.)
128 --abstract-unix-socket <path>
130 (HTTP) Connect through an abstract Unix domain socket, instead
131 of using the network. Note: netstat shows the path of an
132 abstract socket prefixed with '@', however the <path> argument
133 should not have this leading character.
134 Added in 7.53.0.
136 --alt-svc <file name>
138 (HTTPS) WARNING: this option is experiemental. Do not use in
139 production.
140 This option enables the alt-svc parser in curl. If the file name
142 points to an existing alt-svc cache file, that will be used.
143 After a completed transfer, the cache will be saved to the file
144 name again if it has been modified.
145 Specify a "" file name (zero length) to avoid loading/saving and
147 make curl just handle the cache in memory.
148 If this option is used several times, curl will load contents
150 from all the files but the the last one will be used for saving.
151 Added in 7.64.1.
153 --anyauth
155 (HTTP) Tells curl to figure out authentication method by itself,
156 and use the most secure one the remote site claims to support.
157 This is done by first doing a request and checking the response-
158 headers, thus possibly inducing an extra network round-trip.
159 This is used instead of setting a specific authentication
160 method, which you can do with --basic, --digest, --ntlm, and
161 --negotiate.
162 Using --anyauth is not recommended if you do uploads from stdin,
164 since it may require data to be sent twice and then the client
165 must be able to rewind. If the need should arise when uploading
166 from stdin, the upload operation will fail.
167 Used together with -u, --user.
169 See also --proxy-anyauth and --basic and --digest.
171 -a, --append
173 (FTP SFTP) When used in an upload, this makes curl append to the
174 target file instead of overwriting it. If the remote file
175 doesn't exist, it will be created. Note that this flag is
176 ignored by some SFTP servers (including OpenSSH).
177 --basic
179 (HTTP) Tells curl to use HTTP Basic authentication with the
180 remote host. This is the default and this option is usually
181 pointless, unless you use it to override a previously set option
182 that sets a different authentication method (such as --ntlm,
183 --digest, or --negotiate).
184 Used together with -u, --user.
186 See also --proxy-basic.
188 --cacert <file>
190 (TLS) Tells curl to use the specified certificate file to verify
191 the peer. The file may contain multiple CA certificates. The
192 certificate(s) must be in PEM format. Normally curl is built to
193 use a default file for this, so this option is typically used to
194 alter that default file.
195 curl recognizes the environment variable named 'CURL_CA_BUNDLE'
197 if it is set, and uses the given path as a path to a CA cert
198 bundle. This option overrides that variable.
199 The windows version of curl will automatically look for a CA
201 certs file named ´curl-ca-bundle.crt´, either in the same direc‐
202 tory as curl.exe, or in the Current Working Directory, or in any
203 folder along your PATH.
204 If curl is built against the NSS SSL library, the NSS PEM
206 PKCS#11 module (libnsspem.so) needs to be available for this
207 option to work properly.
208 (iOS and macOS only) If curl is built against Secure Transport,
210 then this option is supported for backward compatibility with
211 other SSL engines, but it should not be set. If the option is
212 not set, then curl will use the certificates in the system and
213 user Keychain to verify the peer, which is the preferred method
214 of verifying the peer's certificate chain.
215 (Schannel only) This option is supported for Schannel in Windows
217 7 or later with libcurl 7.60 or later. This option is supported
218 for backward compatibility with other SSL engines; instead it is
219 recommended to use Windows' store of root certificates (the
220 default for Schannel).
221 If this option is used several times, the last one will be used.
223 --capath <dir>
225 (TLS) Tells curl to use the specified certificate directory to
226 verify the peer. Multiple paths can be provided by separating
227 them with ":" (e.g. "path1:path2:path3"). The certificates must
228 be in PEM format, and if curl is built against OpenSSL, the
229 directory must have been processed using the c_rehash utility
230 supplied with OpenSSL. Using --capath can allow OpenSSL-powered
231 curl to make SSL-connections much more efficiently than using
232 --cacert if the --cacert file contains many CA certificates.
233 If this option is set, the default capath value will be ignored,
235 and if it is used several times, the last one will be used.
236 --cert-status
238 (TLS) Tells curl to verify the status of the server certificate
239 by using the Certificate Status Request (aka. OCSP stapling) TLS
240 extension.
241 If this option is enabled and the server sends an invalid (e.g.
243 expired) response, if the response suggests that the server cer‐
244 tificate has been revoked, or no response at all is received,
245 the verification fails.
246 This is currently only implemented in the OpenSSL, GnuTLS and
248 NSS backends.
249 Added in 7.41.0.
251 --cert-type <type>
253 (TLS) Tells curl what type the provided client certificate is
254 using. PEM, DER, ENG and P12 are recognized types. If not spec‐
255 ified, PEM is assumed.
256 If this option is used several times, the last one will be used.
258 See also -E, --cert and --key and --key-type.
260 -E, --cert <certificate[:password]>
262 (TLS) Tells curl to use the specified client certificate file
263 when getting a file with HTTPS, FTPS or another SSL-based proto‐
264 col. The certificate must be in PKCS#12 format if using Secure
265 Transport, or PEM format if using any other engine. If the
266 optional password isn't specified, it will be queried for on the
267 terminal. Note that this option assumes a "certificate" file
268 that is the private key and the client certificate concatenated!
269 See -E, --cert and --key to specify them independently.
270 If curl is built against the NSS SSL library then this option
272 can tell curl the nickname of the certificate to use within the
273 NSS database defined by the environment variable SSL_DIR (or by
274 default /etc/pki/nssdb). If the NSS PEM PKCS#11 module (lib‐
275 nsspem.so) is available then PEM files may be loaded. If you
276 want to use a file from the current directory, please precede it
277 with "./" prefix, in order to avoid confusion with a nickname.
278 If the nickname contains ":", it needs to be preceded by "\" so
279 that it is not recognized as password delimiter. If the nick‐
280 name contains "\", it needs to be escaped as "\\" so that it is
281 not recognized as an escape character.
282 If curl is built against OpenSSL library, and the engine pkcs11
284 is available, then a PKCS#11 URI (RFC 7512) can be used to spec‐
285 ify a certificate located in a PKCS#11 device. A string begin‐
286 ning with "pkcs11:" will be interpreted as a PKCS#11 URI. If a
287 PKCS#11 URI is provided, then the --engine option will be set as
288 "pkcs11" if none was provided and the --cert-type option will be
289 set as "ENG" if none was provided.
290 (iOS and macOS only) If curl is built against Secure Transport,
292 then the certificate string can either be the name of a certifi‐
293 cate/private key in the system or user keychain, or the path to
294 a PKCS#12-encoded certificate and private key. If you want to
295 use a file from the current directory, please precede it with
296 "./" prefix, in order to avoid confusion with a nickname.
297 (Schannel only) Client certificates must be specified by a path
299 expression to a certificate store. (Loading PFX is not sup‐
300 ported; you can import it to a store first). You can use "<store
301 location>\<store name>\<thumbprint>" to refer to a certificate
302 in the system certificates store, for example, "Curren‐
303 tUser\MY\934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a". Thumbprint
304 is usually a SHA-1 hex string which you can see in certificate
305 details. Following store locations are supported: CurrentUser,
306 LocalMachine, CurrentService, Services, CurrentUserGroupPolicy,
307 LocalMachineGroupPolicy, LocalMachineEnterprise.
308 If this option is used several times, the last one will be used.
310 See also --cert-type and --key and --key-type.
312 --ciphers <list of ciphers>
314 (TLS) Specifies which ciphers to use in the connection. The list
315 of ciphers must specify valid ciphers. Read up on SSL cipher
316 list details on this URL:
317 https://curl.haxx.se/docs/ssl-ciphers.html
319 If this option is used several times, the last one will be used.
321 --compressed-ssh
323 (SCP SFTP) Enables built-in SSH compression. This is a request,
324 not an order; the server may or may not do it.
325 Added in 7.56.0.
327 --compressed
329 (HTTP) Request a compressed response using one of the algorithms
330 curl supports, and save the uncompressed document. If this
331 option is used and the server sends an unsupported encoding,
332 curl will report an error.
333 -K, --config <file>
335 Specify a text file to read curl arguments from. The command
337 line arguments found in the text file will be used as if they
338 were provided on the command line.
339 Options and their parameters must be specified on the same line
341 in the file, separated by whitespace, colon, or the equals sign.
342 Long option names can optionally be given in the config file
343 without the initial double dashes and if so, the colon or equals
344 characters can be used as separators. If the option is specified
345 with one or two dashes, there can be no colon or equals charac‐
346 ter between the option and its parameter.
347 If the parameter contains whitespace (or starts with : or =),
349 the parameter must be enclosed within quotes. Within double
350 quotes, the following escape sequences are available: \\, \",
351 \t, \n, \r and \v. A backslash preceding any other letter is
352 ignored. If the first column of a config line is a '#' charac‐
353 ter, the rest of the line will be treated as a comment. Only
354 write one option per physical line in the config file.
355 Specify the filename to -K, --config as '-' to make curl read
357 the file from stdin.
358 Note that to be able to specify a URL in the config file, you
360 need to specify it using the --url option, and not by simply
361 writing the URL on its own line. So, it could look similar to
362 this:
363 url = "https://curl.haxx.se/docs/"
365 When curl is invoked, it (unless -q, --disable is used) checks
367 for a default config file and uses it if found. The default con‐
368 fig file is checked for in the following places in this order:
369 1) curl tries to find the "home dir": It first checks for the
371 CURL_HOME and then the HOME environment variables. Failing that,
372 it uses getpwuid() on Unix-like systems (which returns the home
373 dir given the current user in your system). On Windows, it then
374 checks for the APPDATA variable, or as a last resort the '%USER‐
375 PROFILE%\Application Data'.
376 2) On windows, if there is no .curlrc file in the home dir, it
378 checks for one in the same dir the curl executable is placed. On
379 Unix-like systems, it will simply try to load .curlrc from the
380 determined home dir.
381 # --- Example file ---
383 # this is a comment
384 url = "example.com"
385 output = "curlhere.html"
386 user-agent = "superagent/1.0"
387 # and fetch another URL too
389 url = "example.com/docs/manpage.html"
390 -O
391 referer = "http://nowhereatall.example.com/"
392 # --- End of example file ---
393 This option can be used multiple times to load multiple config
395 files.
396 --connect-timeout <seconds>
398 Maximum time in seconds that you allow curl's connection to
399 take. This only limits the connection phase, so if curl con‐
400 nects within the given period it will continue - if not it will
401 exit. Since version 7.32.0, this option accepts decimal values.
402 If this option is used several times, the last one will be used.
404 See also -m, --max-time.
406 --connect-to <HOST1:PORT1:HOST2:PORT2>
408 For a request to the given HOST1:PORT1 pair, connect to
410 HOST2:PORT2 instead. This option is suitable to direct requests
411 at a specific server, e.g. at a specific cluster node in a clus‐
412 ter of servers. This option is only used to establish the net‐
413 work connection. It does NOT affect the hostname/port that is
414 used for TLS/SSL (e.g. SNI, certificate verification) or for the
415 application protocols. "HOST1" and "PORT1" may be the empty
416 string, meaning "any host/port". "HOST2" and "PORT2" may also be
417 the empty string, meaning "use the request's original
418 host/port".
419 A "host" specified to this option is compared as a string, so it
421 needs to match the name used in request URL. It can be either
422 numerical such as "127.0.0.1" or the full host name such as
423 "example.org".
424 This option can be used many times to add many connect rules.
426 See also --resolve and -H, --header. Added in 7.49.0.
428 -C, --continue-at <offset>
430 Continue/Resume a previous file transfer at the given offset.
431 The given offset is the exact number of bytes that will be
432 skipped, counting from the beginning of the source file before
433 it is transferred to the destination. If used with uploads, the
434 FTP server command SIZE will not be used by curl.
435 Use "-C -" to tell curl to automatically find out where/how to
437 resume the transfer. It then uses the given output/input files
438 to figure that out.
439 If this option is used several times, the last one will be used.
441 See also -r, --range.
443 -c, --cookie-jar <filename>
445 (HTTP) Specify to which file you want curl to write all cookies
446 after a completed operation. Curl writes all cookies from its
447 in-memory cookie storage to the given file at the end of opera‐
448 tions. If no cookies are known, no data will be written. The
449 file will be written using the Netscape cookie file format. If
450 you set the file name to a single dash, "-", the cookies will be
451 written to stdout.
452 This command line option will activate the cookie engine that
454 makes curl record and use cookies. Another way to activate it is
455 to use the -b, --cookie option.
456 If the cookie jar can't be created or written to, the whole curl
458 operation won't fail or even report an error clearly. Using -v,
459 --verbose will get a warning displayed, but that is the only
460 visible feedback you get about this possibly lethal situation.
461 If this option is used several times, the last specified file
463 name will be used.
464 -b, --cookie <data|filename>
466 (HTTP) Pass the data to the HTTP server in the Cookie header. It
467 is supposedly the data previously received from the server in a
468 "Set-Cookie:" line. The data should be in the format
469 "NAME1=VALUE1; NAME2=VALUE2".
470 If no '=' symbol is used in the argument, it is instead treated
472 as a filename to read previously stored cookie from. This option
473 also activates the cookie engine which will make curl record
474 incoming cookies, which may be handy if you're using this in
475 combination with the -L, --location option or do multiple URL
476 transfers on the same invoke. If the file name is exactly a
477 minus ("-"), curl will instead the contents from stdin.
478 The file format of the file to read cookies from should be plain
480 HTTP headers (Set-Cookie style) or the Netscape/Mozilla cookie
481 file format.
482 The file specified with -b, --cookie is only used as input. No
484 cookies will be written to the file. To store cookies, use the
485 -c, --cookie-jar option.
486 Exercise caution if you are using this option and multiple
488 transfers may occur. If you use the NAME1=VALUE1; format, or in
489 a file use the Set-Cookie format and don't specify a domain,
490 then the cookie is sent for any domain (even after redirects are
491 followed) and cannot be modified by a server-set cookie. If the
492 cookie engine is enabled and a server sets a cookie of the same
493 name then both will be sent on a future transfer to that server,
494 likely not what you intended. To address these issues set a
495 domain in Set-Cookie (doing that will include sub domains) or
496 use the Netscape format.
497 If this option is used several times, the last one will be used.
499 Users very often want to both read cookies from a file and write
501 updated cookies back to a file, so using both -b, --cookie and
502 -c, --cookie-jar in the same command line is common.
503 --create-dirs
505 When used in conjunction with the -o, --output option, curl will
506 create the necessary local directory hierarchy as needed. This
507 option creates the dirs mentioned with the -o, --output option,
508 nothing else. If the --output file name uses no dir or if the
509 dirs it mentions already exist, no dir will be created.
510 To create remote directories when using FTP or SFTP, try --ftp-
512 create-dirs.
513 --crlf (FTP SMTP) Convert LF to CRLF in upload. Useful for MVS
515 (OS/390).
516 (SMTP added in 7.40.0)
518 --crlfile <file>
520 (TLS) Provide a file using PEM format with a Certificate Revoca‐
521 tion List that may specify peer certificates that are to be con‐
522 sidered revoked.
523 If this option is used several times, the last one will be used.
525 Added in 7.19.7.
527 --data-ascii <data>
529 (HTTP) This is just an alias for -d, --data.
530 --data-binary <data>
532 (HTTP) This posts data exactly as specified with no extra pro‐
533 cessing whatsoever.
534 If you start the data with the letter @, the rest should be a
536 filename. Data is posted in a similar manner as -d, --data
537 does, except that newlines and carriage returns are preserved
538 and conversions are never done.
539 Like -d, --data the default content-type sent to the server is
541 application/x-www-form-urlencoded. If you want the data to be
542 treated as arbitrary binary data by the server then set the con‐
543 tent-type to octet-stream: -H "Content-Type: application/octet-
544 stream".
545 If this option is used several times, the ones following the
547 first will append data as described in -d, --data.
548 --data-raw <data>
550 (HTTP) This posts data similarly to -d, --data but without the
551 special interpretation of the @ character.
552 See also -d, --data. Added in 7.43.0.
554 --data-urlencode <data>
556 (HTTP) This posts data, similar to the other -d, --data options
557 with the exception that this performs URL-encoding.
558 To be CGI-compliant, the <data> part should begin with a name
560 followed by a separator and a content specification. The <data>
561 part can be passed to curl using one of the following syntaxes:
562 content
564 This will make curl URL-encode the content and pass that
565 on. Just be careful so that the content doesn't contain
566 any = or @ symbols, as that will then make the syntax
567 match one of the other cases below!
568 =content
570 This will make curl URL-encode the content and pass that
571 on. The preceding = symbol is not included in the data.
572 name=content
574 This will make curl URL-encode the content part and pass
575 that on. Note that the name part is expected to be URL-
576 encoded already.
577 @filename
579 This will make curl load data from the given file
580 (including any newlines), URL-encode that data and pass
581 it on in the POST.
582 name@filename
584 This will make curl load data from the given file
585 (including any newlines), URL-encode that data and pass
586 it on in the POST. The name part gets an equal sign
587 appended, resulting in name=urlencoded-file-content. Note
588 that the name is expected to be URL-encoded already.
589 See also -d, --data and --data-raw. Added in 7.18.0.
591 -d, --data <data>
593 (HTTP) Sends the specified data in a POST request to the HTTP
594 server, in the same way that a browser does when a user has
595 filled in an HTML form and presses the submit button. This will
596 cause curl to pass the data to the server using the content-type
597 application/x-www-form-urlencoded. Compare to -F, --form.
598 --data-raw is almost the same but does not have a special inter‐
600 pretation of the @ character. To post data purely binary, you
601 should instead use the --data-binary option. To URL-encode the
602 value of a form field you may use --data-urlencode.
603 If any of these options is used more than once on the same com‐
605 mand line, the data pieces specified will be merged together
606 with a separating &-symbol. Thus, using '-d name=daniel -d
607 skill=lousy' would generate a post chunk that looks like
608 'name=daniel&skill=lousy'.
609 If you start the data with the letter @, the rest should be a
611 file name to read the data from, or - if you want curl to read
612 the data from stdin. Multiple files can also be specified. Post‐
613 ing data from a file named 'foobar' would thus be done with -d,
614 --data @foobar. When --data is told to read from a file like
615 that, carriage returns and newlines will be stripped out. If you
616 don't want the @ character to have a special interpretation use
617 --data-raw instead.
618 See also --data-binary and --data-urlencode and --data-raw. This
620 option overrides -F, --form and -I, --head and -T, --upload-
621 file.
622 --delegation <LEVEL>
624 (GSS/kerberos) Set LEVEL to tell the server what it is allowed
625 to delegate when it comes to user credentials.
626 none Don't allow any delegation.
628 policy Delegates if and only if the OK-AS-DELEGATE flag is set
630 in the Kerberos service ticket, which is a matter of
631 realm policy.
632 always Unconditionally allow the server to delegate.
634 --digest
636 (HTTP) Enables HTTP Digest authentication. This is an authenti‐
637 cation scheme that prevents the password from being sent over
638 the wire in clear text. Use this in combination with the normal
639 -u, --user option to set user name and password.
640 If this option is used several times, only the first one is
642 used.
643 See also -u, --user and --proxy-digest and --anyauth. This
645 option overrides --basic and --ntlm and --negotiate.
646 --disable-eprt
648 (FTP) Tell curl to disable the use of the EPRT and LPRT commands
649 when doing active FTP transfers. Curl will normally always first
650 attempt to use EPRT, then LPRT before using PORT, but with this
651 option, it will use PORT right away. EPRT and LPRT are exten‐
652 sions to the original FTP protocol, and may not work on all
653 servers, but they enable more functionality in a better way than
654 the traditional PORT command.
655 --eprt can be used to explicitly enable EPRT again and --no-eprt
657 is an alias for --disable-eprt.
658 If the server is accessed using IPv6, this option will have no
660 effect as EPRT is necessary then.
661 Disabling EPRT only changes the active behavior. If you want to
663 switch to passive mode you need to not use -P, --ftp-port or
664 force it with --ftp-pasv.
665 --disable-epsv
667 (FTP) (FTP) Tell curl to disable the use of the EPSV command
668 when doing passive FTP transfers. Curl will normally always
669 first attempt to use EPSV before PASV, but with this option, it
670 will not try using EPSV.
671 --epsv can be used to explicitly enable EPSV again and --no-epsv
673 is an alias for --disable-epsv.
674 If the server is an IPv6 host, this option will have no effect
676 as EPSV is necessary then.
677 Disabling EPSV only changes the passive behavior. If you want to
679 switch to active mode you need to use -P, --ftp-port.
680 -q, --disable
682 If used as the first parameter on the command line, the curlrc
683 config file will not be read and used. See the -K, --config for
684 details on the default config file search path.
685 --disallow-username-in-url
687 (HTTP) This tells curl to exit if passed a url containing a
688 username.
689 See also --proto. Added in 7.61.0.
691 --dns-interface <interface>
693 (DNS) Tell curl to send outgoing DNS requests through <inter‐
694 face>. This option is a counterpart to --interface (which does
695 not affect DNS). The supplied string must be an interface name
696 (not an address).
697 See also --dns-ipv4-addr and --dns-ipv6-addr. --dns-interface
699 requires that the underlying libcurl was built to support c-
700 ares. Added in 7.33.0.
701 --dns-ipv4-addr <address>
703 (DNS) Tell curl to bind to <ip-address> when making IPv4 DNS
704 requests, so that the DNS requests originate from this address.
705 The argument should be a single IPv4 address.
706 See also --dns-interface and --dns-ipv6-addr. --dns-ipv4-addr
708 requires that the underlying libcurl was built to support c-
709 ares. Added in 7.33.0.
710 --dns-ipv6-addr <address>
712 (DNS) Tell curl to bind to <ip-address> when making IPv6 DNS
713 requests, so that the DNS requests originate from this address.
714 The argument should be a single IPv6 address.
715 See also --dns-interface and --dns-ipv4-addr. --dns-ipv6-addr
717 requires that the underlying libcurl was built to support c-
718 ares. Added in 7.33.0.
719 --dns-servers <addresses>
721 Set the list of DNS servers to be used instead of the system
722 default. The list of IP addresses should be separated with com‐
723 mas. Port numbers may also optionally be given as :<port-number>
724 after each IP address.
725 --dns-servers requires that the underlying libcurl was built to
727 support c-ares. Added in 7.33.0.
728 --doh-url <URL>
730 (all) Specifies which DNS-over-HTTPS (DOH) server to use to
731 resolve hostnames, instead of using the default name resolver
732 mechanism. The URL must be HTTPS.
733 If this option is used several times, the last one will be used.
735 Added in 7.62.0.
737 -D, --dump-header <filename>
739 (HTTP FTP) Write the received protocol headers to the specified
740 file.
741 This option is handy to use when you want to store the headers
743 that an HTTP site sends to you. Cookies from the headers could
744 then be read in a second curl invocation by using the -b,
745 --cookie option! The -c, --cookie-jar option is a better way to
746 store cookies.
747 If no headers are received, the use of this option will create
749 an empty file.
750 When used in FTP, the FTP server response lines are considered
752 being "headers" and thus are saved there.
753 If this option is used several times, the last one will be used.
755 See also -o, --output.
757 --egd-file <file>
759 (TLS) Specify the path name to the Entropy Gathering Daemon
760 socket. The socket is used to seed the random engine for SSL
761 connections.
762 See also --random-file.
764 --engine <name>
766 (TLS) Select the OpenSSL crypto engine to use for cipher opera‐
767 tions. Use --engine list to print a list of build-time supported
768 engines. Note that not all (or none) of the engines may be
769 available at run-time.
770 --expect100-timeout <seconds>
772 (HTTP) Maximum time in seconds that you allow curl to wait for a
773 100-continue response when curl emits an Expects: 100-continue
774 header in its request. By default curl will wait one second.
775 This option accepts decimal values! When curl stops waiting, it
776 will continue as if the response has been received.
777 See also --connect-timeout. Added in 7.47.0.
779 --fail-early
781 Fail and exit on the first detected transfer error.
782 When curl is used to do multiple transfers on the command line,
784 it will attempt to operate on each given URL, one by one. By
785 default, it will ignore errors if there are more URLs given and
786 the last URL's success will determine the error code curl
787 returns. So early failures will be "hidden" by subsequent suc‐
788 cessful transfers.
789 Using this option, curl will instead return an error on the
791 first transfer that fails, independent of the amount of URLs
792 that are given on the command line. This way, no transfer fail‐
793 ures go undetected by scripts and similar.
794 This option is global and does not need to be specified for each
796 use of -:, --next.
797 This option does not imply -f, --fail, which causes transfers to
799 fail due to the server's HTTP status code. You can combine the
800 two options, however note -f, --fail is not global and is there‐
801 fore contained by -:, --next.
802 Added in 7.52.0.
804 -f, --fail
806 (HTTP) Fail silently (no output at all) on server errors. This
807 is mostly done to better enable scripts etc to better deal with
808 failed attempts. In normal cases when an HTTP server fails to
809 deliver a document, it returns an HTML document stating so
810 (which often also describes why and more). This flag will pre‐
811 vent curl from outputting that and return error 22.
812 This method is not fail-safe and there are occasions where non-
814 successful response codes will slip through, especially when
815 authentication is involved (response codes 401 and 407).
816 --false-start
818 (TLS) Tells curl to use false start during the TLS handshake.
819 False start is a mode where a TLS client will start sending
820 application data before verifying the server's Finished message,
821 thus saving a round trip when performing a full handshake.
822 This is currently only implemented in the NSS and Secure Trans‐
824 port (on iOS 7.0 or later, or OS X 10.9 or later) backends.
825 Added in 7.42.0.
827 --form-string <name=string>
829 (HTTP SMTP IMAP) Similar to -F, --form except that the value
830 string for the named parameter is used literally. Leading '@'
831 and '<' characters, and the ';type=' string in the value have no
832 special meaning. Use this in preference to -F, --form if there's
833 any possibility that the string value may accidentally trigger
834 the '@' or '<' features of -F, --form.
835 See also -F, --form.
837 -F, --form <name=content>
839 (HTTP SMTP IMAP) For HTTP protocol family, this lets curl emu‐
840 late a filled-in form in which a user has pressed the submit
841 button. This causes curl to POST data using the Content-Type
842 multipart/form-data according to RFC 2388.
843 For SMTP and IMAP protocols, this is the mean to compose a mul‐
845 tipart mail message to transmit.
846 This enables uploading of binary files etc. To force the 'con‐
848 tent' part to be a file, prefix the file name with an @ sign. To
849 just get the content part from a file, prefix the file name with
850 the symbol <. The difference between @ and < is then that @
851 makes a file get attached in the post as a file upload, while
852 the < makes a text field and just get the contents for that text
853 field from a file.
854 Tell curl to read content from stdin instead of a file by using
856 - as filename. This goes for both @ and < constructs. When stdin
857 is used, the contents is buffered in memory first by curl to
858 determine its size and allow a possible resend. Defining a
859 part's data from a named non-regular file (such as a named pipe
860 or similar) is unfortunately not subject to buffering and will
861 be effectively read at transmission time; since the full size is
862 unknown before the transfer starts, such data is sent as chunks
863 by HTTP and rejected by IMAP.
864 Example: send an image to an HTTP server, where 'profile' is the
866 name of the form-field to which the file portrait.jpg will be
867 the input:
868 curl -F profile=@portrait.jpg https://example.com/upload.cgi
870 Example: send a your name and shoe size in two text fields to
872 the server:
873 curl -F name=John -F shoesize=11 https://example.com/
875 Example: send a your essay in a text field to the server. Send
877 it as a plain text field, but get the contents for it from a
878 local file:
879 curl -F "story=<hugefile.txt" https://example.com/
881 You can also tell curl what Content-Type to use by using
883 'type=', in a manner similar to:
884 curl -F "web=@index.html;type=text/html" example.com
886 or
888 curl -F "name=daniel;type=text/foo" example.com
890 You can also explicitly change the name field of a file upload
892 part by setting filename=, like this:
893 curl -F "file=@localfile;filename=nameinpost" example.com
895 If filename/path contains ',' or ';', it must be quoted by dou‐
897 ble-quotes like:
898 curl -F "file=@\"localfile\";filename=\"nameinpost\"" exam‐
900 ple.com
901 or
903 curl -F 'file=@"localfile";filename="nameinpost"' example.com
905 Note that if a filename/path is quoted by double-quotes, any
907 double-quote or backslash within the filename must be escaped by
908 backslash.
909 Quoting must also be applied to non-file data if it contains
911 semicolons, leading/trailing spaces or leading double quotes:
912 curl -F 'colors="red; green; blue";type=text/x-myapp' exam‐
914 ple.com
915 You can add custom headers to the field by setting headers=,
917 like
918 curl -F "submit=OK;headers=\"X-submit-type: OK\"" example.com
920 or
922 curl -F "submit=OK;headers=@headerfile" example.com
924 The headers= keyword may appear more that once and above notes
926 about quoting apply. When headers are read from a file, Empty
927 lines and lines starting with '#' are comments and ignored; each
928 header can be folded by splitting between two words and starting
929 the continuation line with a space; embedded carriage-returns
930 and trailing spaces are stripped. Here is an example of a
931 header file contents:
932 # This file contain two headers.
934 X-header-1: this is a header
935 # The following header is folded.
937 X-header-2: this is
938 another header
939 To support sending multipart mail messages, the syntax is
942 extended as follows:
943 - name can be omitted: the equal sign is the first character of
944 the argument,
945 - if data starts with '(', this signals to start a new multi‐
946 part: it can be followed by a content type specification.
947 - a multipart can be terminated with a '=)' argument.
948 Example: the following command sends an SMTP mime e-mail con‐
950 sisting in an inline part in two alternative formats: plain text
951 and HTML. It attaches a text file:
952 curl -F '=(;type=multipart/alternative' \
954 -F '=plain text message' \
955 -F '= <body>HTML message</body>;type=text/html' \
956 -F '=)' -F '=@textfile.txt' ... smtp://example.com
957 Data can be encoded for transfer using encoder=. Available
959 encodings are binary and 8bit that do nothing else than adding
960 the corresponding Content-Transfer-Encoding header, 7bit that
961 only rejects 8-bit characters with a transfer error, quoted-
962 printable and base64 that encodes data according to the corre‐
963 sponding schemes, limiting lines length to 76 characters.
964 Example: send multipart mail with a quoted-printable text mes‐
966 sage and a base64 attached file:
967 curl -F '=text message;encoder=quoted-printable' \
969 -F '=@localfile;encoder=base64' ... smtp://example.com
970 See further examples and details in the MANUAL.
972 This option can be used multiple times.
974 This option overrides -d, --data and -I, --head and -T,
976 --upload-file.
977 --ftp-account <data>
979 (FTP) When an FTP server asks for "account data" after user name
980 and password has been provided, this data is sent off using the
981 ACCT command.
982 If this option is used several times, the last one will be used.
984 Added in 7.13.0.
986 --ftp-alternative-to-user <command>
988 (FTP) If authenticating with the USER and PASS commands fails,
989 send this command. When connecting to Tumbleweed's Secure
990 Transport server over FTPS using a client certificate, using
991 "SITE AUTH" will tell the server to retrieve the username from
992 the certificate.
993 Added in 7.15.5.
995 --ftp-create-dirs
997 (FTP SFTP) When an FTP or SFTP URL/operation uses a path that
998 doesn't currently exist on the server, the standard behavior of
999 curl is to fail. Using this option, curl will instead attempt to
1000 create missing directories.
1001 See also --create-dirs.
1003 --ftp-method <method>
1005 (FTP) Control what method curl should use to reach a file on an
1006 FTP(S) server. The method argument should be one of the follow‐
1007 ing alternatives:
1008 multicwd
1010 curl does a single CWD operation for each path part in
1011 the given URL. For deep hierarchies this means very many
1012 commands. This is how RFC 1738 says it should be done.
1013 This is the default but the slowest behavior.
1014 nocwd curl does no CWD at all. curl will do SIZE, RETR, STOR
1016 etc and give a full path to the server for all these com‐
1017 mands. This is the fastest behavior.
1018 singlecwd
1020 curl does one CWD with the full target directory and then
1021 operates on the file "normally" (like in the multicwd
1022 case). This is somewhat more standards compliant than
1023 'nocwd' but without the full penalty of 'multicwd'.
1024 Added in 7.15.1.
1026 --ftp-pasv
1028 (FTP) Use passive mode for the data connection. Passive is the
1029 internal default behavior, but using this option can be used to
1030 override a previous -P, --ftp-port option.
1031 If this option is used several times, only the first one is
1033 used. Undoing an enforced passive really isn't doable but you
1034 must then instead enforce the correct -P, --ftp-port again.
1035 Passive mode means that curl will try the EPSV command first and
1037 then PASV, unless --disable-epsv is used.
1038 See also --disable-epsv. Added in 7.11.0.
1040 -P, --ftp-port <address>
1042 (FTP) Reverses the default initiator/listener roles when con‐
1043 necting with FTP. This option makes curl use active mode. curl
1044 then tells the server to connect back to the client's specified
1045 address and port, while passive mode asks the server to setup an
1046 IP address and port for it to connect to. <address> should be
1047 one of:
1048 interface
1050 e.g. "eth0" to specify which interface's IP address you
1051 want to use (Unix only)
1052 IP address
1054 e.g. "192.168.10.1" to specify the exact IP address
1055 host name
1057 e.g. "my.host.domain" to specify the machine
1058 - make curl pick the same IP address that is already used
1060 for the control connection
1061 If this option is used several times, the last one will be used. Dis‐
1063 able the use of PORT with --ftp-pasv. Disable the attempt to use the
1064 EPRT command instead of PORT by using --disable-eprt. EPRT is really
1065 PORT++.
1066 Since 7.19.5, you can append ":[start]-[end]" to the right of the
1068 address, to tell curl what TCP port range to use. That means you spec‐
1069 ify a port range, from a lower to a higher number. A single number
1070 works as well, but do note that it increases the risk of failure since
1071 the port may not be available.
1072 See also --ftp-pasv and --disable-eprt.
1074 --ftp-pret
1076 (FTP) Tell curl to send a PRET command before PASV (and EPSV).
1077 Certain FTP servers, mainly drftpd, require this non-standard
1078 command for directory listings as well as up and downloads in
1079 PASV mode.
1080 Added in 7.20.0.
1082 --ftp-skip-pasv-ip
1084 (FTP) Tell curl to not use the IP address the server suggests in
1085 its response to curl's PASV command when curl connects the data
1086 connection. Instead curl will re-use the same IP address it
1087 already uses for the control connection.
1088 This option has no effect if PORT, EPRT or EPSV is used instead
1090 of PASV.
1091 See also --ftp-pasv. Added in 7.14.2.
1093 --ftp-ssl-ccc-mode <active/passive>
1095 (FTP) Sets the CCC mode. The passive mode will not initiate the
1096 shutdown, but instead wait for the server to do it, and will not
1097 reply to the shutdown from the server. The active mode initiates
1098 the shutdown and waits for a reply from the server.
1099 See also --ftp-ssl-ccc. Added in 7.16.2.
1101 --ftp-ssl-ccc
1103 (FTP) Use CCC (Clear Command Channel) Shuts down the SSL/TLS
1104 layer after authenticating. The rest of the control channel com‐
1105 munication will be unencrypted. This allows NAT routers to fol‐
1106 low the FTP transaction. The default mode is passive.
1107 See also --ssl and --ftp-ssl-ccc-mode. Added in 7.16.1.
1109 --ftp-ssl-control
1111 (FTP) Require SSL/TLS for the FTP login, clear for transfer.
1112 Allows secure authentication, but non-encrypted data transfers
1113 for efficiency. Fails the transfer if the server doesn't sup‐
1114 port SSL/TLS.
1115 Added in 7.16.0.
1117 -G, --get
1119 When used, this option will make all data specified with -d,
1120 --data, --data-binary or --data-urlencode to be used in an HTTP
1121 GET request instead of the POST request that otherwise would be
1122 used. The data will be appended to the URL with a '?' separator.
1123 If used in combination with -I, --head, the POST data will
1125 instead be appended to the URL with a HEAD request.
1126 If this option is used several times, only the first one is
1128 used. This is because undoing a GET doesn't make sense, but you
1129 should then instead enforce the alternative method you prefer.
1130 -g, --globoff
1132 This option switches off the "URL globbing parser". When you set
1133 this option, you can specify URLs that contain the letters {}[]
1134 without having them being interpreted by curl itself. Note that
1135 these letters are not normal legal URL contents but they should
1136 be encoded according to the URI standard.
1137 --happy-eyeballs-timeout-ms <milliseconds>
1139 Happy eyeballs is an algorithm that attempts to connect to both
1140 IPv4 and IPv6 addresses for dual-stack hosts, preferring IPv6
1141 first for the number of milliseconds. If the IPv6 address cannot
1142 be connected to within that time then a connection attempt is
1143 made to the IPv4 address in parallel. The first connection to be
1144 established is the one that is used.
1145 The range of suggested useful values is limited. Happy Eyeballs
1147 RFC 6555 says "It is RECOMMENDED that connection attempts be
1148 paced 150-250 ms apart to balance human factors against network
1149 load." libcurl currently defaults to 200 ms. Firefox and Chrome
1150 currently default to 300 ms.
1151 If this option is used several times, the last one will be used.
1153 Added in 7.59.0.
1155 --haproxy-protocol
1157 (HTTP) Send a HAProxy PROXY protocol v1 header at the beginning
1158 of the connection. This is used by some load balancers and
1159 reverse proxies to indicate the client's true IP address and
1160 port.
1161 This option is primarily useful when sending test requests to a
1163 service that expects this header.
1164 Added in 7.60.0.
1166 -I, --head
1168 (HTTP FTP FILE) Fetch the headers only! HTTP-servers feature the
1169 command HEAD which this uses to get nothing but the header of a
1170 document. When used on an FTP or FILE file, curl displays the
1171 file size and last modification time only.
1172 -H, --header <header/@file>
1174 (HTTP) Extra header to include in the request when sending HTTP
1175 to a server. You may specify any number of extra headers. Note
1176 that if you should add a custom header that has the same name as
1177 one of the internal ones curl would use, your externally set
1178 header will be used instead of the internal one. This allows you
1179 to make even trickier stuff than curl would normally do. You
1180 should not replace internally set headers without knowing per‐
1181 fectly well what you're doing. Remove an internal header by giv‐
1182 ing a replacement without content on the right side of the
1183 colon, as in: -H "Host:". If you send the custom header with no-
1184 value then its header must be terminated with a semicolon, such
1185 as -H "X-Custom-Header;" to send "X-Custom-Header:".
1186 curl will make sure that each header you add/replace is sent
1188 with the proper end-of-line marker, you should thus not add that
1189 as a part of the header content: do not add newlines or carriage
1190 returns, they will only mess things up for you.
1191 Starting in 7.55.0, this option can take an argument in @file‐
1193 name style, which then adds a header for each line in the input
1194 file. Using @- will make curl read the header file from stdin.
1195 See also the -A, --user-agent and -e, --referer options.
1197 Starting in 7.37.0, you need --proxy-header to send custom head‐
1199 ers intended for a proxy.
1200 Example:
1202 curl -H "X-First-Name: Joe" http://example.com/
1204 WARNING: headers set with this option will be set in all
1206 requests - even after redirects are followed, like when told
1207 with -L, --location. This can lead to the header being sent to
1208 other hosts than the original host, so sensitive headers should
1209 be used with caution combined with following redirects.
1210 This option can be used multiple times to add/replace/remove
1212 multiple headers.
1213 -h, --help
1215 Usage help. This lists all current command line options with a
1216 short description.
1217 --hostpubmd5 <md5>
1219 (SFTP SCP) Pass a string containing 32 hexadecimal digits. The
1220 string should be the 128 bit MD5 checksum of the remote host's
1221 public key, curl will refuse the connection with the host unless
1222 the md5sums match.
1223 Added in 7.17.1.
1225 --http0.9
1227 (HTTP) Tells curl to be fine with HTTP version 0.9 response.
1228 HTTP/0.9 is a completely headerless response and therefore you
1230 can also connect with this to non-HTTP servers and still get a
1231 response since curl will simply transparently downgrade - if
1232 allowed.
1233 Since curl 7.66.0, HTTP/0.9 is disabled by default.
1235 -0, --http1.0
1237 (HTTP) Tells curl to use HTTP version 1.0 instead of using its
1238 internally preferred HTTP version.
1239 This option overrides --http1.1 and --http2.
1241 --http1.1
1243 (HTTP) Tells curl to use HTTP version 1.1.
1244 This option overrides -0, --http1.0 and --http2. Added in
1246 7.33.0.
1247 --http2-prior-knowledge
1249 (HTTP) Tells curl to issue its non-TLS HTTP requests using
1250 HTTP/2 without HTTP/1.1 Upgrade. It requires prior knowledge
1251 that the server supports HTTP/2 straight away. HTTPS requests
1252 will still do HTTP/2 the standard way with negotiated protocol
1253 version in the TLS handshake.
1254 --http2-prior-knowledge requires that the underlying libcurl was
1256 built to support HTTP/2. This option overrides --http1.1 and -0,
1257 --http1.0 and --http2. Added in 7.49.0.
1258 --http2
1260 (HTTP) Tells curl to use HTTP version 2.
1261 See also --http1.1 and --http3. --http2 requires that the under‐
1263 lying libcurl was built to support HTTP/2. This option overrides
1264 --http1.1 and -0, --http1.0 and --http2-prior-knowledge. Added
1265 in 7.33.0.
1266 --http3
1268 (HTTP) WARNING: this option is experiemental. Do not use in pro‐
1269 duction.
1270 Tells curl to use HTTP version 3 directly to the host and port
1272 number used in the URL. A normal HTTP/3 transaction will be done
1273 to a host and then get redirected via Alt-SVc, but this option
1274 allows a user to circumvent that when you know that the target
1275 speaks HTTP/3 on the given host and port.
1276 This option will make curl fail if a QUIC connection cannot be
1278 established, it cannot fall back to a lower HTTP version on its
1279 own.
1280 See also --http1.1 and --http2. --http3 requires that the under‐
1282 lying libcurl was built to support HTTP/3. This option overrides
1283 --http1.1 and -0, --http1.0 and --http2 and --http2-prior-knowl‐
1284 edge. Added in 7.66.0.
1285 --ignore-content-length
1287 (FTP HTTP) For HTTP, Ignore the Content-Length header. This is
1288 particularly useful for servers running Apache 1.x, which will
1289 report incorrect Content-Length for files larger than 2 giga‐
1290 bytes.
1291 For FTP (since 7.46.0), skip the RETR command to figure out the
1293 size before downloading a file.
1294 -i, --include
1296 Include the HTTP response headers in the output. The HTTP
1297 response headers can include things like server name, cookies,
1298 date of the document, HTTP version and more...
1299 To view the request headers, consider the -v, --verbose option.
1301 See also -v, --verbose.
1303 -k, --insecure
1305 (TLS) By default, every SSL connection curl makes is verified to
1306 be secure. This option allows curl to proceed and operate even
1307 for server connections otherwise considered insecure.
1308 The server connection is verified by making sure the server's
1310 certificate contains the right name and verifies successfully
1311 using the cert store.
1312 See this online resource for further details:
1314 https://curl.haxx.se/docs/sslcerts.html
1315 See also --proxy-insecure and --cacert.
1317 --interface <name>
1319 Perform an operation using a specified interface. You can enter
1321 interface name, IP address or host name. An example could look
1322 like:
1323 curl --interface eth0:1 https://www.example.com/
1325 If this option is used several times, the last one will be used.
1327 On Linux it can be used to specify a VRF, but the binary needs
1329 to either have CAP_NET_RAW or to be run as root. More informa‐
1330 tion about Linux VRF: https://www.kernel.org/doc/Documenta‐
1331 tion/networking/vrf.txt
1332 See also --dns-interface.
1334 -4, --ipv4
1336 This option tells curl to resolve names to IPv4 addresses only,
1337 and not for example try IPv6.
1338 See also --http1.1 and --http2. This option overrides -6,
1340 --ipv6.
1341 -6, --ipv6
1343 This option tells curl to resolve names to IPv6 addresses only,
1344 and not for example try IPv4.
1345 See also --http1.1 and --http2. This option overrides -4,
1347 --ipv4.
1348 -j, --junk-session-cookies
1350 (HTTP) When curl is told to read cookies from a given file, this
1351 option will make it discard all "session cookies". This will
1352 basically have the same effect as if a new session is started.
1353 Typical browsers always discard session cookies when they're
1354 closed down.
1355 See also -b, --cookie and -c, --cookie-jar.
1357 --keepalive-time <seconds>
1359 This option sets the time a connection needs to remain idle
1360 before sending keepalive probes and the time between individual
1361 keepalive probes. It is currently effective on operating systems
1362 offering the TCP_KEEPIDLE and TCP_KEEPINTVL socket options
1363 (meaning Linux, recent AIX, HP-UX and more). This option has no
1364 effect if --no-keepalive is used.
1365 If this option is used several times, the last one will be used.
1367 If unspecified, the option defaults to 60 seconds.
1368 Added in 7.18.0.
1370 --key-type <type>
1372 (TLS) Private key file type. Specify which type your --key pro‐
1373 vided private key is. DER, PEM, and ENG are supported. If not
1374 specified, PEM is assumed.
1375 If this option is used several times, the last one will be used.
1377 --key <key>
1379 (TLS SSH) Private key file name. Allows you to provide your pri‐
1380 vate key in this separate file. For SSH, if not specified, curl
1381 tries the following candidates in order: '~/.ssh/id_rsa',
1382 '~/.ssh/id_dsa', './id_rsa', './id_dsa'.
1383 If curl is built against OpenSSL library, and the engine pkcs11
1385 is available, then a PKCS#11 URI (RFC 7512) can be used to spec‐
1386 ify a private key located in a PKCS#11 device. A string begin‐
1387 ning with "pkcs11:" will be interpreted as a PKCS#11 URI. If a
1388 PKCS#11 URI is provided, then the --engine option will be set as
1389 "pkcs11" if none was provided and the --key-type option will be
1390 set as "ENG" if none was provided.
1391 If this option is used several times, the last one will be used.
1393 --krb <level>
1395 (FTP) Enable Kerberos authentication and use. The level must be
1396 entered and should be one of 'clear', 'safe', 'confidential', or
1397 'private'. Should you use a level that is not one of these,
1398 'private' will instead be used.
1399 If this option is used several times, the last one will be used.
1401 --krb requires that the underlying libcurl was built to support
1403 Kerberos.
1404 --libcurl <file>
1406 Append this option to any ordinary curl command line, and you
1407 will get a libcurl-using C source code written to the file that
1408 does the equivalent of what your command-line operation does!
1409 If this option is used several times, the last given file name
1411 will be used.
1412 Added in 7.16.1.
1414 --limit-rate <speed>
1416 Specify the maximum transfer rate you want curl to use - for
1417 both downloads and uploads. This feature is useful if you have a
1418 limited pipe and you'd like your transfer not to use your entire
1419 bandwidth. To make it slower than it otherwise would be.
1420 The given speed is measured in bytes/second, unless a suffix is
1422 appended. Appending 'k' or 'K' will count the number as kilo‐
1423 bytes, 'm' or 'M' makes it megabytes, while 'g' or 'G' makes it
1424 gigabytes. Examples: 200K, 3m and 1G.
1425 If you also use the -Y, --speed-limit option, that option will
1427 take precedence and might cripple the rate-limiting slightly, to
1428 help keeping the speed-limit logic working.
1429 If this option is used several times, the last one will be used.
1431 -l, --list-only
1433 (FTP POP3) (FTP) When listing an FTP directory, this switch
1434 forces a name-only view. This is especially useful if the user
1435 wants to machine-parse the contents of an FTP directory since
1436 the normal directory view doesn't use a standard look or format.
1437 When used like this, the option causes a NLST command to be sent
1438 to the server instead of LIST.
1439 Note: Some FTP servers list only files in their response to
1441 NLST; they do not include sub-directories and symbolic links.
1442 (POP3) When retrieving a specific email from POP3, this switch
1444 forces a LIST command to be performed instead of RETR. This is
1445 particularly useful if the user wants to see if a specific mes‐
1446 sage id exists on the server and what size it is.
1447 Note: When combined with -X, --request, this option can be used
1449 to send an UIDL command instead, so the user may use the email's
1450 unique identifier rather than it's message id to make the
1451 request.
1452 Added in 7.21.5.
1454 --local-port <num/range>
1456 Set a preferred single number or range (FROM-TO) of local port
1457 numbers to use for the connection(s). Note that port numbers by
1458 nature are a scarce resource that will be busy at times so set‐
1459 ting this range to something too narrow might cause unnecessary
1460 connection setup failures.
1461 Added in 7.15.2.
1463 --location-trusted
1465 (HTTP) Like -L, --location, but will allow sending the name +
1466 password to all hosts that the site may redirect to. This may or
1467 may not introduce a security breach if the site redirects you to
1468 a site to which you'll send your authentication info (which is
1469 plaintext in the case of HTTP Basic authentication).
1470 See also -u, --user.
1472 -L, --location
1474 (HTTP) If the server reports that the requested page has moved
1475 to a different location (indicated with a Location: header and a
1476 3XX response code), this option will make curl redo the request
1477 on the new place. If used together with -i, --include or -I,
1478 --head, headers from all requested pages will be shown. When
1479 authentication is used, curl only sends its credentials to the
1480 initial host. If a redirect takes curl to a different host, it
1481 won't be able to intercept the user+password. See also --loca‐
1482 tion-trusted on how to change this. You can limit the amount of
1483 redirects to follow by using the --max-redirs option.
1484 When curl follows a redirect and the request is not a plain GET
1486 (for example POST or PUT), it will do the following request with
1487 a GET if the HTTP response was 301, 302, or 303. If the response
1488 code was any other 3xx code, curl will re-send the following
1489 request using the same unmodified method.
1490 You can tell curl to not change the non-GET request method to
1492 GET after a 30x response by using the dedicated options for
1493 that: --post301, --post302 and --post303.
1494 --login-options <options>
1496 (IMAP POP3 SMTP) Specify the login options to use during server
1497 authentication.
1498 You can use the login options to specify protocol specific
1500 options that may be used during authentication. At present only
1501 IMAP, POP3 and SMTP support login options. For more information
1502 about the login options please see RFC 2384, RFC 5092 and IETF
1503 draft draft-earhart-url-smtp-00.txt
1504 If this option is used several times, the last one will be used.
1506 Added in 7.34.0.
1508 --mail-auth <address>
1510 (SMTP) Specify a single address. This will be used to specify
1511 the authentication address (identity) of a submitted message
1512 that is being relayed to another server.
1513 See also --mail-rcpt and --mail-from. Added in 7.25.0.
1515 --mail-from <address>
1517 (SMTP) Specify a single address that the given mail should get
1518 sent from.
1519 See also --mail-rcpt and --mail-auth. Added in 7.20.0.
1521 --mail-rcpt <address>
1523 (SMTP) Specify a single address, user name or mailing list name.
1524 Repeat this option several times to send to multiple recipients.
1525 When performing a mail transfer, the recipient should specify a
1527 valid email address to send the mail to.
1528 When performing an address verification (VRFY command), the
1530 recipient should be specified as the user name or user name and
1531 domain (as per Section 3.5 of RFC5321). (Added in 7.34.0)
1532 When performing a mailing list expand (EXPN command), the recip‐
1534 ient should be specified using the mailing list name, such as
1535 "Friends" or "London-Office". (Added in 7.34.0)
1536 Added in 7.20.0.
1538 -M, --manual
1540 Manual. Display the huge help text.
1541 --max-filesize <bytes>
1543 Specify the maximum size (in bytes) of a file to download. If
1544 the file requested is larger than this value, the transfer will
1545 not start and curl will return with exit code 63.
1546 A size modifier may be used. For example, Appending 'k' or 'K'
1548 will count the number as kilobytes, 'm' or 'M' makes it
1549 megabytes, while 'g' or 'G' makes it gigabytes. Examples: 200K,
1550 3m and 1G. (Added in 7.58.0)
1551 NOTE: The file size is not always known prior to download, and
1553 for such files this option has no effect even if the file trans‐
1554 fer ends up being larger than this given limit. This concerns
1555 both FTP and HTTP transfers.
1556 See also --limit-rate.
1558 --max-redirs <num>
1560 (HTTP) Set maximum number of redirection-followings allowed.
1561 When -L, --location is used, is used to prevent curl from fol‐
1562 lowing redirections too much. By default, the limit is set to 50
1563 redirections. Set this option to -1 to make it unlimited.
1564 If this option is used several times, the last one will be used.
1566 -m, --max-time <seconds>
1568 Maximum time in seconds that you allow the whole operation to
1569 take. This is useful for preventing your batch jobs from hang‐
1570 ing for hours due to slow networks or links going down. Since
1571 7.32.0, this option accepts decimal values, but the actual time‐
1572 out will decrease in accuracy as the specified timeout increases
1573 in decimal precision.
1574 If this option is used several times, the last one will be used.
1576 See also --connect-timeout.
1578 --metalink
1580 This option can tell curl to parse and process a given URI as
1581 Metalink file (both version 3 and 4 (RFC 5854) are supported)
1582 and make use of the mirrors listed within for failover if there
1583 are errors (such as the file or server not being available). It
1584 will also verify the hash of the file after the download com‐
1585 pletes. The Metalink file itself is downloaded and processed in
1586 memory and not stored in the local file system.
1587 Example to use a remote Metalink file:
1589 curl --metalink http://www.example.com/example.metalink
1591 To use a Metalink file in the local file system, use FILE proto‐
1593 col (file://):
1594 curl --metalink file://example.metalink
1596 Please note that if FILE protocol is disabled, there is no way
1598 to use a local Metalink file at the time of this writing. Also
1599 note that if --metalink and -i, --include are used together,
1600 --include will be ignored. This is because including headers in
1601 the response will break Metalink parser and if the headers are
1602 included in the file described in Metalink file, hash check will
1603 fail.
1604 --metalink requires that the underlying libcurl was built to
1606 support metalink. Added in 7.27.0.
1607 --negotiate
1609 (HTTP) Enables Negotiate (SPNEGO) authentication.
1610 This option requires a library built with GSS-API or SSPI sup‐
1612 port. Use -V, --version to see if your curl supports GSS-
1613 API/SSPI or SPNEGO.
1614 When using this option, you must also provide a fake -u, --user
1616 option to activate the authentication code properly. Sending a
1617 '-u :' is enough as the user name and password from the -u,
1618 --user option aren't actually used.
1619 If this option is used several times, only the first one is
1621 used.
1622 See also --basic and --ntlm and --anyauth and --proxy-negotiate.
1624 --netrc-file <filename>
1626 This option is similar to -n, --netrc, except that you provide
1627 the path (absolute or relative) to the netrc file that curl
1628 should use. You can only specify one netrc file per invocation.
1629 If several --netrc-file options are provided, the last one will
1630 be used.
1631 It will abide by --netrc-optional if specified.
1633 This option overrides -n, --netrc. Added in 7.21.5.
1635 --netrc-optional
1637 Very similar to -n, --netrc, but this option makes the .netrc
1638 usage optional and not mandatory as the -n, --netrc option does.
1639 See also --netrc-file. This option overrides -n, --netrc.
1641 -n, --netrc
1643 Makes curl scan the .netrc (_netrc on Windows) file in the
1644 user's home directory for login name and password. This is typi‐
1645 cally used for FTP on Unix. If used with HTTP, curl will enable
1646 user authentication. See netrc(5) ftp(1) for details on the file
1647 format. Curl will not complain if that file doesn't have the
1648 right permissions (it should not be either world- or group-read‐
1649 able). The environment variable "HOME" is used to find the home
1650 directory.
1651 A quick and very simple example of how to setup a .netrc to
1653 allow curl to FTP to the machine host.domain.com with user name
1654 'myself' and password 'secret' should look similar to:
1655 machine host.domain.com login myself password secret
1657 -:, --next
1659 Tells curl to use a separate operation for the following URL and
1660 associated options. This allows you to send several URL
1661 requests, each with their own specific options, for example,
1662 such as different user names or custom requests for each.
1663 -:, --next will reset all local options and only global ones
1665 will have their values survive over to the operation following
1666 the -:, --next instruction. Global options include -v, --ver‐
1667 bose, --trace, --trace-ascii and --fail-early.
1668 For example, you can do both a GET and a POST in a single com‐
1670 mand line:
1671 curl www1.example.com --next -d postthis www2.example.com
1673 Added in 7.36.0.
1675 --no-alpn
1677 (HTTPS) Disable the ALPN TLS extension. ALPN is enabled by
1678 default if libcurl was built with an SSL library that supports
1679 ALPN. ALPN is used by a libcurl that supports HTTP/2 to negoti‐
1680 ate HTTP/2 support with the server during https sessions.
1681 See also --no-npn and --http2. --no-alpn requires that the
1683 underlying libcurl was built to support TLS. Added in 7.36.0.
1684 -N, --no-buffer
1686 Disables the buffering of the output stream. In normal work sit‐
1687 uations, curl will use a standard buffered output stream that
1688 will have the effect that it will output the data in chunks, not
1689 necessarily exactly when the data arrives. Using this option
1690 will disable that buffering.
1691 Note that this is the negated option name documented. You can
1693 thus use --buffer to enforce the buffering.
1694 --no-keepalive
1696 Disables the use of keepalive messages on the TCP connection.
1697 curl otherwise enables them by default.
1698 Note that this is the negated option name documented. You can
1700 thus use --keepalive to enforce keepalive.
1701 --no-npn
1703 (HTTPS) Disable the NPN TLS extension. NPN is enabled by default
1704 if libcurl was built with an SSL library that supports NPN. NPN
1705 is used by a libcurl that supports HTTP/2 to negotiate HTTP/2
1706 support with the server during https sessions.
1707 See also --no-alpn and --http2. --no-npn requires that the
1709 underlying libcurl was built to support TLS. Added in 7.36.0.
1710 --no-sessionid
1712 (TLS) Disable curl's use of SSL session-ID caching. By default
1713 all transfers are done using the cache. Note that while nothing
1714 should ever get hurt by attempting to reuse SSL session-IDs,
1715 there seem to be broken SSL implementations in the wild that may
1716 require you to disable this in order for you to succeed.
1717 Note that this is the negated option name documented. You can
1719 thus use --sessionid to enforce session-ID caching.
1720 Added in 7.16.0.
1722 --noproxy <no-proxy-list>
1724 Comma-separated list of hosts which do not use a proxy, if one
1725 is specified. The only wildcard is a single * character, which
1726 matches all hosts, and effectively disables the proxy. Each name
1727 in this list is matched as either a domain which contains the
1728 hostname, or the hostname itself. For example, local.com would
1729 match local.com, local.com:80, and www.local.com, but not
1730 www.notlocal.com.
1731 Since 7.53.0, This option overrides the environment variables
1733 that disable the proxy. If there's an environment variable dis‐
1734 abling a proxy, you can set noproxy list to "" to override it.
1735 Added in 7.19.4.
1737 --ntlm-wb
1739 (HTTP) Enables NTLM much in the style --ntlm does, but hand over
1740 the authentication to the separate binary ntlmauth application
1741 that is executed when needed.
1742 See also --ntlm and --proxy-ntlm.
1744 --ntlm (HTTP) Enables NTLM authentication. The NTLM authentication
1746 method was designed by Microsoft and is used by IIS web servers.
1747 It is a proprietary protocol, reverse-engineered by clever peo‐
1748 ple and implemented in curl based on their efforts. This kind of
1749 behavior should not be endorsed, you should encourage everyone
1750 who uses NTLM to switch to a public and documented authentica‐
1751 tion method instead, such as Digest.
1752 If you want to enable NTLM for your proxy authentication, then
1754 use --proxy-ntlm.
1755 If this option is used several times, only the first one is
1757 used.
1758 See also --proxy-ntlm. --ntlm requires that the underlying
1760 libcurl was built to support TLS. This option overrides --basic
1761 and --negotiate and --digest and --anyauth.
1762 --oauth2-bearer <token>
1764 (IMAP POP3 SMTP) Specify the Bearer Token for OAUTH 2.0 server
1765 authentication. The Bearer Token is used in conjunction with the
1766 user name which can be specified as part of the --url or -u,
1767 --user options.
1768 The Bearer Token and user name are formatted according to RFC
1770 6750.
1771 If this option is used several times, the last one will be used.
1773 -o, --output <file>
1775 Write output to <file> instead of stdout. If you are using {} or
1776 [] to fetch multiple documents, you can use '#' followed by a
1777 number in the <file> specifier. That variable will be replaced
1778 with the current string for the URL being fetched. Like in:
1779 curl http://{one,two}.example.com -o "file_#1.txt"
1781 or use several variables like:
1783 curl http://{site,host}.host[1-5].com -o "#1_#2"
1785 You may use this option as many times as the number of URLs you
1787 have. For example, if you specify two URLs on the same command
1788 line, you can use it like this:
1789 curl -o aa example.com -o bb example.net
1791 and the order of the -o options and the URLs doesn't matter,
1793 just that the first -o is for the first URL and so on, so the
1794 above command line can also be written as
1795 curl example.com example.net -o aa -o bb
1797 See also the --create-dirs option to create the local directo‐
1799 ries dynamically. Specifying the output as '-' (a single dash)
1800 will force the output to be done to stdout.
1801 See also -O, --remote-name and --remote-name-all and -J,
1803 --remote-header-name.
1804 --parallel-max
1806 When asked to do parallel transfers, using -Z, --parallel, this
1807 option controls the maximum amount of transfers to do simultane‐
1808 ously.
1809 The default is 50.
1811 See also -Z, --parallel. Added in 7.66.0.
1813 -Z, --parallel
1815 Makes curl perform its transfers in parallel as compared to the
1816 regular serial manner.
1817 Added in 7.66.0.
1819 --pass <phrase>
1821 (SSH TLS) Passphrase for the private key
1822 If this option is used several times, the last one will be used.
1824 --path-as-is
1826 Tell curl to not handle sequences of /../ or /./ in the given
1827 URL path. Normally curl will squash or merge them according to
1828 standards but with this option set you tell it not to do that.
1829 Added in 7.42.0.
1831 --pinnedpubkey <hashes>
1833 (TLS) Tells curl to use the specified public key file (or
1834 hashes) to verify the peer. This can be a path to a file which
1835 contains a single public key in PEM or DER format, or any number
1836 of base64 encoded sha256 hashes preceded by ´sha256//´ and sepa‐
1837 rated by ´;´
1838 When negotiating a TLS or SSL connection, the server sends a
1840 certificate indicating its identity. A public key is extracted
1841 from this certificate and if it does not exactly match the pub‐
1842 lic key provided to this option, curl will abort the connection
1843 before sending or receiving any data.
1844 PEM/DER support:
1846 7.39.0: OpenSSL, GnuTLS and GSKit
1847 7.43.0: NSS and wolfSSL
1848 7.47.0: mbedtls sha256 support:
1849 7.44.0: OpenSSL, GnuTLS, NSS and wolfSSL
1850 7.47.0: mbedtls Other SSL backends not supported.
1851 If this option is used several times, the last one will be used.
1853 --post301
1855 (HTTP) Tells curl to respect RFC 7231/6.4.2 and not convert POST
1856 requests into GET requests when following a 301 redirection. The
1857 non-RFC behaviour is ubiquitous in web browsers, so curl does
1858 the conversion by default to maintain consistency. However, a
1859 server may require a POST to remain a POST after such a redi‐
1860 rection. This option is meaningful only when using -L, --loca‐
1861 tion.
1862 See also --post302 and --post303 and -L, --location. Added in
1864 7.17.1.
1865 --post302
1867 (HTTP) Tells curl to respect RFC 7231/6.4.3 and not convert POST
1868 requests into GET requests when following a 302 redirection. The
1869 non-RFC behaviour is ubiquitous in web browsers, so curl does
1870 the conversion by default to maintain consistency. However, a
1871 server may require a POST to remain a POST after such a redi‐
1872 rection. This option is meaningful only when using -L, --loca‐
1873 tion.
1874 See also --post301 and --post303 and -L, --location. Added in
1876 7.19.1.
1877 --post303
1879 (HTTP) Tells curl to violate RFC 7231/6.4.4 and not convert POST
1880 requests into GET requests when following 303 redirections. A
1881 server may require a POST to remain a POST after a 303 redirect‐
1882 ion. This option is meaningful only when using -L, --location.
1883 See also --post302 and --post301 and -L, --location. Added in
1885 7.26.0.
1886 --preproxy [protocol://]host[:port]
1888 Use the specified SOCKS proxy before connecting to an HTTP or
1889 HTTPS -x, --proxy. In such a case curl first connects to the
1890 SOCKS proxy and then connects (through SOCKS) to the HTTP or
1891 HTTPS proxy. Hence pre proxy.
1892 The pre proxy string should be specified with a protocol:// pre‐
1894 fix to specify alternative proxy protocols. Use socks4://,
1895 socks4a://, socks5:// or socks5h:// to request the specific
1896 SOCKS version to be used. No protocol specified will make curl
1897 default to SOCKS4.
1898 If the port number is not specified in the proxy string, it is
1900 assumed to be 1080.
1901 User and password that might be provided in the proxy string are
1903 URL decoded by curl. This allows you to pass in special charac‐
1904 ters such as @ by using %40 or pass in a colon with %3a.
1905 If this option is used several times, the last one will be used.
1907 Added in 7.52.0.
1909 -#, --progress-bar
1911 Make curl display transfer progress as a simple progress bar
1912 instead of the standard, more informational, meter.
1913 This progress bar draws a single line of '#' characters across
1915 the screen and shows a percentage if the transfer size is known.
1916 For transfers without a known size, there will be space ship
1917 (-=o=-) that moves back and forth but only while data is being
1918 transferred, with a set of flying hash sign symbols on top.
1919 --proto-default <protocol>
1921 Tells curl to use protocol for any URL missing a scheme name.
1922 Example:
1924 curl --proto-default https ftp.mozilla.org
1926 An unknown or unsupported protocol causes error CURLE_UNSUP‐
1928 PORTED_PROTOCOL (1).
1929 This option does not change the default proxy protocol (http).
1931 Without this option curl would make a guess based on the host,
1933 see --url for details.
1934 Added in 7.45.0.
1936 --proto-redir <protocols>
1938 Tells curl to limit what protocols it may use on redirect. Pro‐
1939 tocols denied by --proto are not overridden by this option. See
1940 --proto for how protocols are represented.
1941 Example, allow only HTTP and HTTPS on redirect:
1943 curl --proto-redir -all,http,https http://example.com
1945 By default curl will allow HTTP, HTTPS, FTP and FTPS on redirect
1947 (7.65.2). Older versions of curl allowed all protocols on redi‐
1948 rect except several disabled for security reasons: Since 7.19.4
1949 FILE and SCP are disabled, and since 7.40.0 SMB and SMBS are
1950 also disabled. Specifying all or +all enables all protocols on
1951 redirect, including those disabled for security.
1952 Added in 7.20.2.
1954 --proto <protocols>
1956 Tells curl to limit what protocols it may use in the transfer.
1957 Protocols are evaluated left to right, are comma separated, and
1958 are each a protocol name or 'all', optionally prefixed by zero
1959 or more modifiers. Available modifiers are:
1960 + Permit this protocol in addition to protocols already permit‐
1962 ted (this is the default if no modifier is used).
1963 - Deny this protocol, removing it from the list of protocols
1965 already permitted.
1966 = Permit only this protocol (ignoring the list already permit‐
1968 ted), though subject to later modification by subsequent
1969 entries in the comma separated list.
1970 For example:
1972 --proto -ftps uses the default protocols, but disables ftps
1974 --proto -all,https,+http
1976 only enables http and https
1977 --proto =http,https
1979 also only enables http and https
1980 Unknown protocols produce a warning. This allows scripts to safely rely
1982 on being able to disable potentially dangerous protocols, without rely‐
1983 ing upon support for that protocol being built into curl to avoid an
1984 error.
1985 This option can be used multiple times, in which case the effect is the
1987 same as concatenating the protocols into one instance of the option.
1988 See also --proto-redir and --proto-default. Added in 7.20.2.
1990 --proxy-anyauth
1992 Tells curl to pick a suitable authentication method when commu‐
1993 nicating with the given HTTP proxy. This might cause an extra
1994 request/response round-trip.
1995 See also -x, --proxy and --proxy-basic and --proxy-digest. Added
1997 in 7.13.2.
1998 --proxy-basic
2000 Tells curl to use HTTP Basic authentication when communicating
2001 with the given proxy. Use --basic for enabling HTTP Basic with a
2002 remote host. Basic is the default authentication method curl
2003 uses with proxies.
2004 See also -x, --proxy and --proxy-anyauth and --proxy-digest.
2006 --proxy-cacert <file>
2008 Same as --cacert but used in HTTPS proxy context.
2009 See also --proxy-capath and --cacert and --capath and -x,
2011 --proxy. Added in 7.52.0.
2012 --proxy-capath <dir>
2014 Same as --capath but used in HTTPS proxy context.
2015 See also --proxy-cacert and -x, --proxy and --capath. Added in
2017 7.52.0.
2018 --proxy-cert-type <type>
2020 Same as --cert-type but used in HTTPS proxy context.
2021 Added in 7.52.0.
2023 --proxy-cert <cert[:passwd]>
2025 Same as -E, --cert but used in HTTPS proxy context.
2026 Added in 7.52.0.
2028 --proxy-ciphers <list>
2030 Same as --ciphers but used in HTTPS proxy context.
2031 Added in 7.52.0.
2033 --proxy-crlfile <file>
2035 Same as --crlfile but used in HTTPS proxy context.
2036 Added in 7.52.0.
2038 --proxy-digest
2040 Tells curl to use HTTP Digest authentication when communicating
2041 with the given proxy. Use --digest for enabling HTTP Digest with
2042 a remote host.
2043 See also -x, --proxy and --proxy-anyauth and --proxy-basic.
2045 --proxy-header <header/@file>
2047 (HTTP) Extra header to include in the request when sending HTTP
2048 to a proxy. You may specify any number of extra headers. This is
2049 the equivalent option to -H, --header but is for proxy communi‐
2050 cation only like in CONNECT requests when you want a separate
2051 header sent to the proxy to what is sent to the actual remote
2052 host.
2053 curl will make sure that each header you add/replace is sent
2055 with the proper end-of-line marker, you should thus not add that
2056 as a part of the header content: do not add newlines or carriage
2057 returns, they will only mess things up for you.
2058 Headers specified with this option will not be included in
2060 requests that curl knows will not be sent to a proxy.
2061 Starting in 7.55.0, this option can take an argument in @file‐
2063 name style, which then adds a header for each line in the input
2064 file. Using @- will make curl read the header file from stdin.
2065 This option can be used multiple times to add/replace/remove
2067 multiple headers.
2068 Added in 7.37.0.
2070 --proxy-insecure
2072 Same as -k, --insecure but used in HTTPS proxy context.
2073 Added in 7.52.0.
2075 --proxy-key-type <type>
2077 Same as --key-type but used in HTTPS proxy context.
2078 Added in 7.52.0.
2080 --proxy-key <key>
2082 Same as --key but used in HTTPS proxy context.
2083 --proxy-negotiate
2085 Tells curl to use HTTP Negotiate (SPNEGO) authentication when
2086 communicating with the given proxy. Use --negotiate for enabling
2087 HTTP Negotiate (SPNEGO) with a remote host.
2088 See also --proxy-anyauth and --proxy-basic. Added in 7.17.1.
2090 --proxy-ntlm
2092 Tells curl to use HTTP NTLM authentication when communicating
2093 with the given proxy. Use --ntlm for enabling NTLM with a remote
2094 host.
2095 See also --proxy-negotiate and --proxy-anyauth.
2097 --proxy-pass <phrase>
2099 Same as --pass but used in HTTPS proxy context.
2100 Added in 7.52.0.
2102 --proxy-pinnedpubkey <hashes>
2104 (TLS) Tells curl to use the specified public key file (or
2105 hashes) to verify the proxy. This can be a path to a file which
2106 contains a single public key in PEM or DER format, or any number
2107 of base64 encoded sha256 hashes preceded by ´sha256//´ and sepa‐
2108 rated by ´;´
2109 When negotiating a TLS or SSL connection, the server sends a
2111 certificate indicating its identity. A public key is extracted
2112 from this certificate and if it does not exactly match the pub‐
2113 lic key provided to this option, curl will abort the connection
2114 before sending or receiving any data.
2115 If this option is used several times, the last one will be used.
2117 --proxy-service-name <name>
2119 This option allows you to change the service name for proxy
2120 negotiation.
2121 Added in 7.43.0.
2123 --proxy-ssl-allow-beast
2125 Same as --ssl-allow-beast but used in HTTPS proxy context.
2126 Added in 7.52.0.
2128 --proxy-tls13-ciphers <ciphersuite list>
2130 (TLS) Specifies which cipher suites to use in the connection to
2131 your HTTPS proxy when it negotiates TLS 1.3. The list of ciphers
2132 suites must specify valid ciphers. Read up on TLS 1.3 cipher
2133 suite details on this URL:
2134 https://curl.haxx.se/docs/ssl-ciphers.html
2136 This option is currently used only when curl is built to use
2138 OpenSSL 1.1.1 or later. If you are using a different SSL backend
2139 you can try setting TLS 1.3 cipher suites by using the --proxy-
2140 ciphers option.
2141 If this option is used several times, the last one will be used.
2143 --proxy-tlsauthtype <type>
2145 Same as --tlsauthtype but used in HTTPS proxy context.
2146 Added in 7.52.0.
2148 --proxy-tlspassword <string>
2150 Same as --tlspassword but used in HTTPS proxy context.
2151 Added in 7.52.0.
2153 --proxy-tlsuser <name>
2155 Same as --tlsuser but used in HTTPS proxy context.
2156 Added in 7.52.0.
2158 --proxy-tlsv1
2160 Same as -1, --tlsv1 but used in HTTPS proxy context.
2161 Added in 7.52.0.
2163 -U, --proxy-user <user:password>
2165 Specify the user name and password to use for proxy authentica‐
2166 tion.
2167 If you use a Windows SSPI-enabled curl binary and do either
2169 Negotiate or NTLM authentication then you can tell curl to
2170 select the user name and password from your environment by spec‐
2171 ifying a single colon with this option: "-U :".
2172 On systems where it works, curl will hide the given option argu‐
2174 ment from process listings. This is not enough to protect cre‐
2175 dentials from possibly getting seen by other users on the same
2176 system as they will still be visible for a brief moment before
2177 cleared. Such sensitive data should be retrieved from a file
2178 instead or similar and never used in clear text in a command
2179 line.
2180 If this option is used several times, the last one will be used.
2182 -x, --proxy [protocol://]host[:port]
2184 Use the specified proxy.
2185 The proxy string can be specified with a protocol:// prefix. No
2187 protocol specified or http:// will be treated as HTTP proxy. Use
2188 socks4://, socks4a://, socks5:// or socks5h:// to request a spe‐
2189 cific SOCKS version to be used. (The protocol support was added
2190 in curl 7.21.7)
2191 HTTPS proxy support via https:// protocol prefix was added in
2193 7.52.0 for OpenSSL, GnuTLS and NSS.
2194 Unrecognized and unsupported proxy protocols cause an error
2196 since 7.52.0. Prior versions may ignore the protocol and use
2197 http:// instead.
2198 If the port number is not specified in the proxy string, it is
2200 assumed to be 1080.
2201 This option overrides existing environment variables that set
2203 the proxy to use. If there's an environment variable setting a
2204 proxy, you can set proxy to "" to override it.
2205 All operations that are performed over an HTTP proxy will trans‐
2207 parently be converted to HTTP. It means that certain protocol
2208 specific operations might not be available. This is not the case
2209 if you can tunnel through the proxy, as one with the -p, --prox‐
2210 ytunnel option.
2211 User and password that might be provided in the proxy string are
2213 URL decoded by curl. This allows you to pass in special charac‐
2214 ters such as @ by using %40 or pass in a colon with %3a.
2215 The proxy host can be specified the exact same way as the proxy
2217 environment variables, including the protocol prefix (http://)
2218 and the embedded user + password.
2219 If this option is used several times, the last one will be used.
2221 --proxy1.0 <host[:port]>
2223 Use the specified HTTP 1.0 proxy. If the port number is not
2224 specified, it is assumed at port 1080.
2225 The only difference between this and the HTTP proxy option -x,
2227 --proxy, is that attempts to use CONNECT through the proxy will
2228 specify an HTTP 1.0 protocol instead of the default HTTP 1.1.
2229 -p, --proxytunnel
2231 When an HTTP proxy is used -x, --proxy, this option will make
2232 curl tunnel through the proxy. The tunnel approach is made with
2233 the HTTP proxy CONNECT request and requires that the proxy
2234 allows direct connect to the remote port number curl wants to
2235 tunnel through to.
2236 To suppress proxy CONNECT response headers when curl is set to
2238 output headers use --suppress-connect-headers.
2239 See also -x, --proxy.
2241 --pubkey <key>
2243 (SFTP SCP) Public key file name. Allows you to provide your pub‐
2244 lic key in this separate file.
2245 If this option is used several times, the last one will be used.
2247 (As of 7.39.0, curl attempts to automatically extract the public
2249 key from the private key file, so passing this option is gener‐
2250 ally not required. Note that this public key extraction requires
2251 libcurl to be linked against a copy of libssh2 1.2.8 or higher
2252 that is itself linked against OpenSSL.)
2253 -Q, --quote
2255 (FTP SFTP) Send an arbitrary command to the remote FTP or SFTP
2256 server. Quote commands are sent BEFORE the transfer takes place
2257 (just after the initial PWD command in an FTP transfer, to be
2258 exact). To make commands take place after a successful transfer,
2259 prefix them with a dash '-'. To make commands be sent after
2260 curl has changed the working directory, just before the transfer
2261 command(s), prefix the command with a '+' (this is only sup‐
2262 ported for FTP). You may specify any number of commands.
2263 If the server returns failure for one of the commands, the
2265 entire operation will be aborted. You must send syntactically
2266 correct FTP commands as RFC 959 defines to FTP servers, or one
2267 of the commands listed below to SFTP servers.
2268 Prefix the command with an asterisk (*) to make curl continue
2270 even if the command fails as by default curl will stop at first
2271 failure.
2272 This option can be used multiple times.
2274 SFTP is a binary protocol. Unlike for FTP, curl interprets SFTP
2276 quote commands itself before sending them to the server. File
2277 names may be quoted shell-style to embed spaces or special char‐
2278 acters. Following is the list of all supported SFTP quote com‐
2279 mands:
2280 chgrp group file
2282 The chgrp command sets the group ID of the file named by
2283 the file operand to the group ID specified by the group
2284 operand. The group operand is a decimal integer group ID.
2285 chmod mode file
2287 The chmod command modifies the file mode bits of the
2288 specified file. The mode operand is an octal integer mode
2289 number.
2290 chown user file
2292 The chown command sets the owner of the file named by the
2293 file operand to the user ID specified by the user oper‐
2294 and. The user operand is a decimal integer user ID.
2295 ln source_file target_file
2297 The ln and symlink commands create a symbolic link at the
2298 target_file location pointing to the source_file loca‐
2299 tion.
2300 mkdir directory_name
2302 The mkdir command creates the directory named by the
2303 directory_name operand.
2304 pwd The pwd command returns the absolute pathname of the cur‐
2306 rent working directory.
2307 rename source target
2309 The rename command renames the file or directory named by
2310 the source operand to the destination path named by the
2311 target operand.
2312 rm file
2314 The rm command removes the file specified by the file op‐
2315 erand.
2316 rmdir directory
2318 The rmdir command removes the directory entry specified
2319 by the directory operand, provided it is empty.
2320 symlink source_file target_file
2322 See ln.
2323 --random-file <file>
2325 Specify the path name to file containing what will be considered
2326 as random data. The data may be used to seed the random engine
2327 for SSL connections. See also the --egd-file option.
2328 -r, --range <range>
2330 (HTTP FTP SFTP FILE) Retrieve a byte range (i.e. a partial docu‐
2331 ment) from an HTTP/1.1, FTP or SFTP server or a local FILE.
2332 Ranges can be specified in a number of ways.
2333 0-499 specifies the first 500 bytes
2335 500-999 specifies the second 500 bytes
2337 -500 specifies the last 500 bytes
2339 9500- specifies the bytes from offset 9500 and forward
2341 0-0,-1 specifies the first and last byte only(*)(HTTP)
2343 100-199,500-599
2345 specifies two separate 100-byte ranges(*) (HTTP)
2346 (*) = NOTE that this will cause the server to reply with a mul‐
2348 tipart response!
2349 Only digit characters (0-9) are valid in the 'start' and 'stop'
2351 fields of the 'start-stop' range syntax. If a non-digit charac‐
2352 ter is given in the range, the server's response will be unspec‐
2353 ified, depending on the server's configuration.
2354 You should also be aware that many HTTP/1.1 servers do not have
2356 this feature enabled, so that when you attempt to get a range,
2357 you'll instead get the whole document.
2358 FTP and SFTP range downloads only support the simple 'start-
2360 stop' syntax (optionally with one of the numbers omitted). FTP
2361 use depends on the extended FTP command SIZE.
2362 If this option is used several times, the last one will be used.
2364 --raw (HTTP) When used, it disables all internal HTTP decoding of con‐
2366 tent or transfer encodings and instead makes them passed on
2367 unaltered, raw.
2368 Added in 7.16.2.
2370 -e, --referer <URL>
2372 (HTTP) Sends the "Referrer Page" information to the HTTP server.
2373 This can also be set with the -H, --header flag of course. When
2374 used with -L, --location you can append ";auto" to the -e,
2375 --referer URL to make curl automatically set the previous URL
2376 when it follows a Location: header. The ";auto" string can be
2377 used alone, even if you don't set an initial -e, --referer.
2378 If this option is used several times, the last one will be used.
2380 See also -A, --user-agent and -H, --header.
2382 -J, --remote-header-name
2384 (HTTP) This option tells the -O, --remote-name option to use the
2385 server-specified Content-Disposition filename instead of
2386 extracting a filename from the URL.
2387 If the server specifies a file name and a file with that name
2389 already exists in the current working directory it will not be
2390 overwritten and an error will occur. If the server doesn't spec‐
2391 ify a file name then this option has no effect.
2392 There's no attempt to decode %-sequences (yet) in the provided
2394 file name, so this option may provide you with rather unexpected
2395 file names.
2396 WARNING: Exercise judicious use of this option, especially on
2398 Windows. A rogue server could send you the name of a DLL or
2399 other file that could possibly be loaded automatically by Win‐
2400 dows or some third party software.
2401 --remote-name-all
2403 This option changes the default action for all given URLs to be
2404 dealt with as if -O, --remote-name were used for each one. So if
2405 you want to disable that for a specific URL after --remote-name-
2406 all has been used, you must use "-o -" or --no-remote-name.
2407 Added in 7.19.0.
2409 -O, --remote-name
2411 Write output to a local file named like the remote file we get.
2412 (Only the file part of the remote file is used, the path is cut
2413 off.)
2414 The file will be saved in the current working directory. If you
2416 want the file saved in a different directory, make sure you
2417 change the current working directory before invoking curl with
2418 this option.
2419 The remote file name to use for saving is extracted from the
2421 given URL, nothing else, and if it already exists it will be
2422 overwritten. If you want the server to be able to choose the
2423 file name refer to -J, --remote-header-name which can be used in
2424 addition to this option. If the server chooses a file name and
2425 that name already exists it will not be overwritten.
2426 There is no URL decoding done on the file name. If it has %20 or
2428 other URL encoded parts of the name, they will end up as-is as
2429 file name.
2430 You may use this option as many times as the number of URLs you
2432 have.
2433 -R, --remote-time
2435 When used, this will make curl attempt to figure out the time‐
2436 stamp of the remote file, and if that is available make the
2437 local file get that same timestamp.
2438 --request-target
2440 (HTTP) Tells curl to use an alternative "target" (path) instead
2441 of using the path as provided in the URL. Particularly useful
2442 when wanting to issue HTTP requests without leading slash or
2443 other data that doesn't follow the regular URL pattern, like
2444 "OPTIONS *".
2445 Added in 7.55.0.
2447 -X, --request <command>
2449 (HTTP) Specifies a custom request method to use when communicat‐
2450 ing with the HTTP server. The specified request method will be
2451 used instead of the method otherwise used (which defaults to
2452 GET). Read the HTTP 1.1 specification for details and explana‐
2453 tions. Common additional HTTP requests include PUT and DELETE,
2454 but related technologies like WebDAV offers PROPFIND, COPY, MOVE
2455 and more.
2456 Normally you don't need this option. All sorts of GET, HEAD,
2458 POST and PUT requests are rather invoked by using dedicated com‐
2459 mand line options.
2460 This option only changes the actual word used in the HTTP
2462 request, it does not alter the way curl behaves. So for example
2463 if you want to make a proper HEAD request, using -X HEAD will
2464 not suffice. You need to use the -I, --head option.
2465 The method string you set with -X, --request will be used for
2467 all requests, which if you for example use -L, --location may
2468 cause unintended side-effects when curl doesn't change request
2469 method according to the HTTP 30x response codes - and similar.
2470 (FTP) Specifies a custom FTP command to use instead of LIST when
2472 doing file lists with FTP.
2473 (POP3) Specifies a custom POP3 command to use instead of LIST or
2475 RETR. (Added in 7.26.0)
2476 (IMAP) Specifies a custom IMAP command to use instead of LIST.
2478 (Added in 7.30.0)
2479 (SMTP) Specifies a custom SMTP command to use instead of HELP or
2481 VRFY. (Added in 7.34.0)
2482 If this option is used several times, the last one will be used.
2484 --resolve <host:port:address[,address]...>
2486 Provide a custom address for a specific host and port pair.
2487 Using this, you can make the curl requests(s) use a specified
2488 address and prevent the otherwise normally resolved address to
2489 be used. Consider it a sort of /etc/hosts alternative provided
2490 on the command line. The port number should be the number used
2491 for the specific protocol the host will be used for. It means
2492 you need several entries if you want to provide address for the
2493 same host but different ports.
2494 By specifying '*' as host you can tell curl to resolve any host
2496 and specific port pair to the specified address. Wildcard is
2497 resolved last so any --resolve with a specific host and port
2498 will be used first.
2499 The provided address set by this option will be used even if -4,
2501 --ipv4 or -6, --ipv6 is set to make curl use another IP version.
2502 Support for providing the IP address within [brackets] was added
2504 in 7.57.0.
2505 Support for providing multiple IP addresses per entry was added
2507 in 7.59.0.
2508 Support for resolving with wildcard was added in 7.64.0.
2510 This option can be used many times to add many host names to
2512 resolve.
2513 Added in 7.21.3.
2515 --retry-connrefused
2517 In addition to the other conditions, consider ECONNREFUSED as a
2518 transient error too for --retry. This option is used together
2519 with --retry.
2520 Added in 7.52.0.
2522 --retry-delay <seconds>
2524 Make curl sleep this amount of time before each retry when a
2525 transfer has failed with a transient error (it changes the
2526 default backoff time algorithm between retries). This option is
2527 only interesting if --retry is also used. Setting this delay to
2528 zero will make curl use the default backoff time.
2529 If this option is used several times, the last one will be used.
2531 Added in 7.12.3.
2533 --retry-max-time <seconds>
2535 The retry timer is reset before the first transfer attempt.
2536 Retries will be done as usual (see --retry) as long as the timer
2537 hasn't reached this given limit. Notice that if the timer hasn't
2538 reached the limit, the request will be made and while perform‐
2539 ing, it may take longer than this given time period. To limit a
2540 single request´s maximum time, use -m, --max-time. Set this
2541 option to zero to not timeout retries.
2542 If this option is used several times, the last one will be used.
2544 Added in 7.12.3.
2546 --retry <num>
2548 If a transient error is returned when curl tries to perform a
2549 transfer, it will retry this number of times before giving up.
2550 Setting the number to 0 makes curl do no retries (which is the
2551 default). Transient error means either: a timeout, an FTP 4xx
2552 response code or an HTTP 408 or 5xx response code.
2553 When curl is about to retry a transfer, it will first wait one
2555 second and then for all forthcoming retries it will double the
2556 waiting time until it reaches 10 minutes which then will be the
2557 delay between the rest of the retries. By using --retry-delay
2558 you disable this exponential backoff algorithm. See also
2559 --retry-max-time to limit the total time allowed for retries.
2560 Since curl 7.66.0, curl will comply with the Retry-After:
2562 response header if one was present to know when to issue the
2563 next retry.
2564 If this option is used several times, the last one will be used.
2566 Added in 7.12.3.
2568 --sasl-authzid
2570 Use this authorisation identity (authzid), during SASL PLAIN
2571 authentication, in addition to the authentication identity
2572 (authcid) as specified by -u, --user.
2573 If the option isn't specified, the server will derive the
2575 authzid from the authcid, but if specified, and depending on the
2576 server implementation, it may be used to access another user's
2577 inbox, that the user has been granted access to, or a shared
2578 mailbox for example.
2579 Added in 7.66.0.
2581 --sasl-ir
2583 Enable initial response in SASL authentication.
2584 Added in 7.31.0.
2586 --service-name <name>
2588 This option allows you to change the service name for SPNEGO.
2589 Examples: --negotiate --service-name sockd would use
2591 sockd/server-name.
2592 Added in 7.43.0.
2594 -S, --show-error
2596 When used with -s, --silent, it makes curl show an error message
2597 if it fails.
2598 -s, --silent
2600 Silent or quiet mode. Don't show progress meter or error mes‐
2601 sages. Makes Curl mute. It will still output the data you ask
2602 for, potentially even to the terminal/stdout unless you redirect
2603 it.
2604 Use -S, --show-error in addition to this option to disable
2606 progress meter but still show error messages.
2607 See also -v, --verbose and --stderr.
2609 --socks4 <host[:port]>
2611 Use the specified SOCKS4 proxy. If the port number is not speci‐
2612 fied, it is assumed at port 1080.
2613 This option overrides any previous use of -x, --proxy, as they
2615 are mutually exclusive.
2616 Since 7.21.7, this option is superfluous since you can specify a
2618 socks4 proxy with -x, --proxy using a socks4:// protocol prefix.
2619 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
2621 the same time -x, --proxy is used with an HTTP/HTTPS proxy. In
2622 such a case curl first connects to the SOCKS proxy and then con‐
2623 nects (through SOCKS) to the HTTP or HTTPS proxy.
2624 If this option is used several times, the last one will be used.
2626 Added in 7.15.2.
2628 --socks4a <host[:port]>
2630 Use the specified SOCKS4a proxy. If the port number is not spec‐
2631 ified, it is assumed at port 1080.
2632 This option overrides any previous use of -x, --proxy, as they
2634 are mutually exclusive.
2635 Since 7.21.7, this option is superfluous since you can specify a
2637 socks4a proxy with -x, --proxy using a socks4a:// protocol pre‐
2638 fix.
2639 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
2641 the same time -x, --proxy is used with an HTTP/HTTPS proxy. In
2642 such a case curl first connects to the SOCKS proxy and then con‐
2643 nects (through SOCKS) to the HTTP or HTTPS proxy.
2644 If this option is used several times, the last one will be used.
2646 Added in 7.18.0.
2648 --socks5-basic
2650 Tells curl to use username/password authentication when connect‐
2651 ing to a SOCKS5 proxy. The username/password authentication is
2652 enabled by default. Use --socks5-gssapi to force GSS-API
2653 authentication to SOCKS5 proxies.
2654 Added in 7.55.0.
2656 --socks5-gssapi-nec
2658 As part of the GSS-API negotiation a protection mode is negoti‐
2659 ated. RFC 1961 says in section 4.3/4.4 it should be protected,
2660 but the NEC reference implementation does not. The option
2661 --socks5-gssapi-nec allows the unprotected exchange of the pro‐
2662 tection mode negotiation.
2663 Added in 7.19.4.
2665 --socks5-gssapi-service <name>
2667 The default service name for a socks server is rcmd/server-fqdn.
2668 This option allows you to change it.
2669 Examples: --socks5 proxy-name --socks5-gssapi-service sockd
2671 would use sockd/proxy-name --socks5 proxy-name --socks5-gssapi-
2672 service sockd/real-name would use sockd/real-name for cases
2673 where the proxy-name does not match the principal name.
2674 Added in 7.19.4.
2676 --socks5-gssapi
2678 Tells curl to use GSS-API authentication when connecting to a
2679 SOCKS5 proxy. The GSS-API authentication is enabled by default
2680 (if curl is compiled with GSS-API support). Use --socks5-basic
2681 to force username/password authentication to SOCKS5 proxies.
2682 Added in 7.55.0.
2684 --socks5-hostname <host[:port]>
2686 Use the specified SOCKS5 proxy (and let the proxy resolve the
2687 host name). If the port number is not specified, it is assumed
2688 at port 1080.
2689 This option overrides any previous use of -x, --proxy, as they
2691 are mutually exclusive.
2692 Since 7.21.7, this option is superfluous since you can specify a
2694 socks5 hostname proxy with -x, --proxy using a socks5h:// proto‐
2695 col prefix.
2696 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
2698 the same time -x, --proxy is used with an HTTP/HTTPS proxy. In
2699 such a case curl first connects to the SOCKS proxy and then con‐
2700 nects (through SOCKS) to the HTTP or HTTPS proxy.
2701 If this option is used several times, the last one will be used.
2703 Added in 7.18.0.
2705 --socks5 <host[:port]>
2707 Use the specified SOCKS5 proxy - but resolve the host name
2708 locally. If the port number is not specified, it is assumed at
2709 port 1080.
2710 This option overrides any previous use of -x, --proxy, as they
2712 are mutually exclusive.
2713 Since 7.21.7, this option is superfluous since you can specify a
2715 socks5 proxy with -x, --proxy using a socks5:// protocol prefix.
2716 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
2718 the same time -x, --proxy is used with an HTTP/HTTPS proxy. In
2719 such a case curl first connects to the SOCKS proxy and then con‐
2720 nects (through SOCKS) to the HTTP or HTTPS proxy.
2721 If this option is used several times, the last one will be used.
2723 This option (as well as --socks4) does not work with IPV6, FTPS
2725 or LDAP.
2726 Added in 7.18.0.
2728 -Y, --speed-limit <speed>
2730 If a download is slower than this given speed (in bytes per sec‐
2731 ond) for speed-time seconds it gets aborted. speed-time is set
2732 with -y, --speed-time and is 30 if not set.
2733 If this option is used several times, the last one will be used.
2735 -y, --speed-time <seconds>
2737 If a download is slower than speed-limit bytes per second during
2738 a speed-time period, the download gets aborted. If speed-time is
2739 used, the default speed-limit will be 1 unless set with -Y,
2740 --speed-limit.
2741 This option controls transfers and thus will not affect slow
2743 connects etc. If this is a concern for you, try the --connect-
2744 timeout option.
2745 If this option is used several times, the last one will be used.
2747 --ssl-allow-beast
2749 This option tells curl to not work around a security flaw in the
2750 SSL3 and TLS1.0 protocols known as BEAST. If this option isn't
2751 used, the SSL layer may use workarounds known to cause interop‐
2752 erability problems with some older SSL implementations. WARNING:
2753 this option loosens the SSL security, and by using this flag you
2754 ask for exactly that.
2755 Added in 7.25.0.
2757 --ssl-no-revoke
2759 (Schannel) This option tells curl to disable certificate revoca‐
2760 tion checks. WARNING: this option loosens the SSL security, and
2761 by using this flag you ask for exactly that.
2762 Added in 7.44.0.
2764 --ssl-reqd
2766 (FTP IMAP POP3 SMTP) Require SSL/TLS for the connection. Termi‐
2767 nates the connection if the server doesn't support SSL/TLS.
2768 This option was formerly known as --ftp-ssl-reqd.
2770 Added in 7.20.0.
2772 --ssl (FTP IMAP POP3 SMTP) Try to use SSL/TLS for the connection.
2774 Reverts to a non-secure connection if the server doesn't support
2775 SSL/TLS. See also --ftp-ssl-control and --ssl-reqd for differ‐
2776 ent levels of encryption required.
2777 This option was formerly known as --ftp-ssl (Added in 7.11.0).
2779 That option name can still be used but will be removed in a
2780 future version.
2781 Added in 7.20.0.
2783 -2, --sslv2
2785 (SSL) Forces curl to use SSL version 2 when negotiating with a
2786 remote SSL server. Sometimes curl is built without SSLv2 sup‐
2787 port. SSLv2 is widely considered insecure (see RFC 6176).
2788 See also --http1.1 and --http2. -2, --sslv2 requires that the
2790 underlying libcurl was built to support TLS. This option over‐
2791 rides -3, --sslv3 and -1, --tlsv1 and --tlsv1.1 and --tlsv1.2.
2792 -3, --sslv3
2794 (SSL) Forces curl to use SSL version 3 when negotiating with a
2795 remote SSL server. Sometimes curl is built without SSLv3 sup‐
2796 port. SSLv3 is widely considered insecure (see RFC 7568).
2797 See also --http1.1 and --http2. -3, --sslv3 requires that the
2799 underlying libcurl was built to support TLS. This option over‐
2800 rides -2, --sslv2 and -1, --tlsv1 and --tlsv1.1 and --tlsv1.2.
2801 --stderr
2803 Redirect all writes to stderr to the specified file instead. If
2804 the file name is a plain '-', it is instead written to stdout.
2805 If this option is used several times, the last one will be used.
2807 See also -v, --verbose and -s, --silent.
2809 --styled-output
2811 Enables the automatic use of bold font styles when writing HTTP
2812 headers to the terminal. Use --no-styled-output to switch them
2813 off.
2814 Added in 7.61.0.
2816 --suppress-connect-headers
2818 When -p, --proxytunnel is used and a CONNECT request is made
2819 don't output proxy CONNECT response headers. This option is
2820 meant to be used with -D, --dump-header or -i, --include which
2821 are used to show protocol headers in the output. It has no
2822 effect on debug options such as -v, --verbose or --trace, or any
2823 statistics.
2824 See also -D, --dump-header and -i, --include and -p, --proxytun‐
2826 nel.
2827 --tcp-fastopen
2829 Enable use of TCP Fast Open (RFC7413).
2830 Added in 7.49.0.
2832 --tcp-nodelay
2834 Turn on the TCP_NODELAY option. See the curl_easy_setopt(3) man
2835 page for details about this option.
2836 Since 7.50.2, curl sets this option by default and you need to
2838 explicitly switch it off if you don't want it on.
2839 Added in 7.11.2.
2841 -t, --telnet-option <opt=val>
2843 Pass options to the telnet protocol. Supported options are:
2844 TTYPE=<term> Sets the terminal type.
2846 XDISPLOC=<X display> Sets the X display location.
2848 NEW_ENV=<var,val> Sets an environment variable.
2850 --tftp-blksize <value>
2852 (TFTP) Set TFTP BLKSIZE option (must be >512). This is the block
2853 size that curl will try to use when transferring data to or from
2854 a TFTP server. By default 512 bytes will be used.
2855 If this option is used several times, the last one will be used.
2857 Added in 7.20.0.
2859 --tftp-no-options
2861 (TFTP) Tells curl not to send TFTP options requests.
2862 This option improves interop with some legacy servers that do
2864 not acknowledge or properly implement TFTP options. When this
2865 option is used --tftp-blksize is ignored.
2866 Added in 7.48.0.
2868 -z, --time-cond <time>
2870 (HTTP FTP) Request a file that has been modified later than the
2871 given time and date, or one that has been modified before that
2872 time. The <date expression> can be all sorts of date strings or
2873 if it doesn't match any internal ones, it is taken as a filename
2874 and tries to get the modification date (mtime) from <file>
2875 instead. See the curl_getdate(3) man pages for date expression
2876 details.
2877 Start the date expression with a dash (-) to make it request for
2879 a document that is older than the given date/time, default is a
2880 document that is newer than the specified date/time.
2881 If this option is used several times, the last one will be used.
2883 --tls-max <VERSION>
2885 (SSL) VERSION defines maximum supported TLS version. The minimum
2886 acceptable version is set by tlsv1.0, tlsv1.1, tlsv1.2 or
2887 tlsv1.3.
2888 default
2891 Use up to recommended TLS version.
2892 1.0 Use up to TLSv1.0.
2894 1.1 Use up to TLSv1.1.
2896 1.2 Use up to TLSv1.2.
2898 1.3 Use up to TLSv1.3.
2900 See also --tlsv1.0 and --tlsv1.1 and --tlsv1.2 and --tlsv1.3. --tls-max
2902 requires that the underlying libcurl was built to support TLS. Added in
2903 7.54.0.
2904 --tls13-ciphers <list of TLS 1.3 ciphersuites>
2906 (TLS) Specifies which cipher suites to use in the connection if
2907 it negotiates TLS 1.3. The list of ciphers suites must specify
2908 valid ciphers. Read up on TLS 1.3 cipher suite details on this
2909 URL:
2910 https://curl.haxx.se/docs/ssl-ciphers.html
2912 This option is currently used only when curl is built to use
2914 OpenSSL 1.1.1 or later. If you are using a different SSL backend
2915 you can try setting TLS 1.3 cipher suites by using the --ciphers
2916 option.
2917 If this option is used several times, the last one will be used.
2919 --tlsauthtype <type>
2921 Set TLS authentication type. Currently, the only supported
2922 option is "SRP", for TLS-SRP (RFC 5054). If --tlsuser and
2923 --tlspassword are specified but --tlsauthtype is not, then this
2924 option defaults to "SRP". This option works only if the under‐
2925 lying libcurl is built with TLS-SRP support, which requires
2926 OpenSSL or GnuTLS with TLS-SRP support.
2927 Added in 7.21.4.
2929 --tlspassword
2931 Set password for use with the TLS authentication method speci‐
2932 fied with --tlsauthtype. Requires that --tlsuser also be set.
2933 Added in 7.21.4.
2935 --tlsuser <name>
2937 Set username for use with the TLS authentication method speci‐
2938 fied with --tlsauthtype. Requires that --tlspassword also is
2939 set.
2940 Added in 7.21.4.
2942 --tlsv1.0
2944 (TLS) Forces curl to use TLS version 1.0 or later when connect‐
2945 ing to a remote TLS server.
2946 In old versions of curl this option was documented to allow
2948 _only_ TLS 1.0, but behavior was inconsistent depending on the
2949 TLS library. Use --tls-max if you want to set a maximum TLS ver‐
2950 sion.
2951 Added in 7.34.0.
2953 --tlsv1.1
2955 (TLS) Forces curl to use TLS version 1.1 or later when connect‐
2956 ing to a remote TLS server.
2957 In old versions of curl this option was documented to allow
2959 _only_ TLS 1.1, but behavior was inconsistent depending on the
2960 TLS library. Use --tls-max if you want to set a maximum TLS ver‐
2961 sion.
2962 Added in 7.34.0.
2964 --tlsv1.2
2966 (TLS) Forces curl to use TLS version 1.2 or later when connect‐
2967 ing to a remote TLS server.
2968 In old versions of curl this option was documented to allow
2970 _only_ TLS 1.2, but behavior was inconsistent depending on the
2971 TLS library. Use --tls-max if you want to set a maximum TLS ver‐
2972 sion.
2973 Added in 7.34.0.
2975 --tlsv1.3
2977 (TLS) Forces curl to use TLS version 1.3 or later when connect‐
2978 ing to a remote TLS server.
2979 Note that TLS 1.3 is only supported by a subset of TLS backends.
2981 At the time of this writing, they are BoringSSL, NSS, and Secure
2982 Transport (on iOS 11 or later, and macOS 10.13 or later).
2983 Added in 7.52.0.
2985 -1, --tlsv1
2987 (SSL) Tells curl to use at least TLS version 1.x when negotiat‐
2988 ing with a remote TLS server. That means TLS version 1.0 or
2989 higher
2990 See also --http1.1 and --http2. -1, --tlsv1 requires that the
2992 underlying libcurl was built to support TLS. This option over‐
2993 rides --tlsv1.1 and --tlsv1.2 and --tlsv1.3.
2994 --tr-encoding
2996 (HTTP) Request a compressed Transfer-Encoding response using one
2997 of the algorithms curl supports, and uncompress the data while
2998 receiving it.
2999 Added in 7.21.6.
3001 --trace-ascii <file>
3003 Enables a full trace dump of all incoming and outgoing data,
3004 including descriptive information, to the given output file. Use
3005 "-" as filename to have the output sent to stdout.
3006 This is very similar to --trace, but leaves out the hex part and
3008 only shows the ASCII part of the dump. It makes smaller output
3009 that might be easier to read for untrained humans.
3010 If this option is used several times, the last one will be used.
3012 This option overrides --trace and -v, --verbose.
3014 --trace-time
3016 Prepends a time stamp to each trace or verbose line that curl
3017 displays.
3018 Added in 7.14.0.
3020 --trace <file>
3022 Enables a full trace dump of all incoming and outgoing data,
3023 including descriptive information, to the given output file. Use
3024 "-" as filename to have the output sent to stdout. Use "%" as
3025 filename to have the output sent to stderr.
3026 If this option is used several times, the last one will be used.
3028 This option overrides -v, --verbose and --trace-ascii.
3030 --unix-socket <path>
3032 (HTTP) Connect through this Unix domain socket, instead of using
3033 the network.
3034 Added in 7.40.0.
3036 -T, --upload-file <file>
3038 This transfers the specified local file to the remote URL. If
3039 there is no file part in the specified URL, curl will append the
3040 local file name. NOTE that you must use a trailing / on the last
3041 directory to really prove to Curl that there is no file name or
3042 curl will think that your last directory name is the remote file
3043 name to use. That will most likely cause the upload operation to
3044 fail. If this is used on an HTTP(S) server, the PUT command will
3045 be used.
3046 Use the file name "-" (a single dash) to use stdin instead of a
3048 given file. Alternately, the file name "." (a single period)
3049 may be specified instead of "-" to use stdin in non-blocking
3050 mode to allow reading server output while stdin is being
3051 uploaded.
3052 You can specify one -T, --upload-file for each URL on the com‐
3054 mand line. Each -T, --upload-file + URL pair specifies what to
3055 upload and to where. curl also supports "globbing" of the -T,
3056 --upload-file argument, meaning that you can upload multiple
3057 files to a single URL by using the same URL globbing style sup‐
3058 ported in the URL, like this:
3059 curl --upload-file "{file1,file2}" http://www.example.com
3061 or even
3063 curl -T "img[1-1000].png" ftp://ftp.example.com/upload/
3065 When uploading to an SMTP server: the uploaded data is assumed
3067 to be RFC 5322 formatted. It has to feature the necessary set of
3068 headers and mail body formatted correctly by the user as curl
3069 will not transcode nor encode it further in any way.
3070 --url <url>
3072 Specify a URL to fetch. This option is mostly handy when you
3073 want to specify URL(s) in a config file.
3074 If the given URL is missing a scheme name (such as "http://" or
3076 "ftp://" etc) then curl will make a guess based on the host. If
3077 the outermost sub-domain name matches DICT, FTP, IMAP, LDAP,
3078 POP3 or SMTP then that protocol will be used, otherwise HTTP
3079 will be used. Since 7.45.0 guessing can be disabled by setting a
3080 default protocol, see --proto-default for details.
3081 This option may be used any number of times. To control where
3083 this URL is written, use the -o, --output or the -O, --remote-
3084 name options.
3085 -B, --use-ascii
3087 (FTP LDAP) Enable ASCII transfer. For FTP, this can also be
3088 enforced by using a URL that ends with ";type=A". This option
3089 causes data sent to stdout to be in text mode for win32 systems.
3090 -A, --user-agent <name>
3092 (HTTP) Specify the User-Agent string to send to the HTTP server.
3093 To encode blanks in the string, surround the string with single
3094 quote marks. This header can also be set with the -H, --header
3095 or the --proxy-header options.
3096 If this option is used several times, the last one will be used.
3098 -u, --user <user:password>
3100 Specify the user name and password to use for server authentica‐
3101 tion. Overrides -n, --netrc and --netrc-optional.
3102 If you simply specify the user name, curl will prompt for a
3104 password.
3105 The user name and passwords are split up on the first colon,
3107 which makes it impossible to use a colon in the user name with
3108 this option. The password can, still.
3109 On systems where it works, curl will hide the given option argu‐
3111 ment from process listings. This is not enough to protect cre‐
3112 dentials from possibly getting seen by other users on the same
3113 system as they will still be visible for a brief moment before
3114 cleared. Such sensitive data should be retrieved from a file
3115 instead or similar and never used in clear text in a command
3116 line.
3117 When using Kerberos V5 with a Windows based server you should
3119 include the Windows domain name in the user name, in order for
3120 the server to successfully obtain a Kerberos Ticket. If you
3121 don't then the initial authentication handshake may fail.
3122 When using NTLM, the user name can be specified simply as the
3124 user name, without the domain, if there is a single domain and
3125 forest in your setup for example.
3126 To specify the domain name use either Down-Level Logon Name or
3128 UPN (User Principal Name) formats. For example, EXAMPLE\user and
3129 user@example.com respectively.
3130 If you use a Windows SSPI-enabled curl binary and perform Ker‐
3132 beros V5, Negotiate, NTLM or Digest authentication then you can
3133 tell curl to select the user name and password from your envi‐
3134 ronment by specifying a single colon with this option: "-u :".
3135 If this option is used several times, the last one will be used.
3137 -v, --verbose
3139 Makes curl verbose during the operation. Useful for debugging
3140 and seeing what's going on "under the hood". A line starting
3141 with '>' means "header data" sent by curl, '<' means "header
3142 data" received by curl that is hidden in normal cases, and a
3143 line starting with '*' means additional info provided by curl.
3144 If you only want HTTP headers in the output, -i, --include might
3146 be the option you're looking for.
3147 If you think this option still doesn't give you enough details,
3149 consider using --trace or --trace-ascii instead.
3150 Use -s, --silent to make curl really quiet.
3152 See also -i, --include. This option overrides --trace and
3154 --trace-ascii.
3155 -V, --version
3157 Displays information about curl and the libcurl version it uses.
3158 The first line includes the full version of curl, libcurl and
3160 other 3rd party libraries linked with the executable.
3161 The second line (starts with "Protocols:") shows all protocols
3163 that libcurl reports to support.
3164 The third line (starts with "Features:") shows specific features
3166 libcurl reports to offer. Available features include:
3167 IPv6 You can use IPv6 with this.
3169 krb4 Krb4 for FTP is supported.
3171 SSL SSL versions of various protocols are supported, such as
3173 HTTPS, FTPS, POP3S and so on.
3174 libz Automatic decompression of compressed files over HTTP is
3176 supported.
3177 NTLM NTLM authentication is supported.
3179 Debug This curl uses a libcurl built with Debug. This enables
3181 more error-tracking and memory debugging etc. For curl-
3182 developers only!
3183 AsynchDNS
3185 This curl uses asynchronous name resolves. Asynchronous
3186 name resolves can be done using either the c-ares or the
3187 threaded resolver backends.
3188 SPNEGO SPNEGO authentication is supported.
3190 Largefile
3192 This curl supports transfers of large files, files larger
3193 than 2GB.
3194 IDN This curl supports IDN - international domain names.
3196 GSS-API
3198 GSS-API is supported.
3199 SSPI SSPI is supported.
3201 TLS-SRP
3203 SRP (Secure Remote Password) authentication is supported
3204 for TLS.
3205 HTTP2 HTTP/2 support has been built-in.
3207 UnixSockets
3209 Unix sockets support is provided.
3210 HTTPS-proxy
3212 This curl is built to support HTTPS proxy.
3213 Metalink
3215 This curl supports Metalink (both version 3 and 4 (RFC
3216 5854)), which describes mirrors and hashes. curl will
3217 use mirrors for failover if there are errors (such as the
3218 file or server not being available).
3219 PSL PSL is short for Public Suffix List and means that this
3221 curl has been built with knowledge about "public suf‐
3222 fixes".
3223 MultiSSL
3225 This curl supports multiple TLS backends.
3226 -w, --write-out <format>
3228 Make curl display information on stdout after a completed trans‐
3229 fer. The format is a string that may contain plain text mixed
3230 with any number of variables. The format can be specified as a
3231 literal "string", or you can have curl read the format from a
3232 file with "@filename" and to tell curl to read the format from
3233 stdin you write "@-".
3234 The variables present in the output format will be substituted
3236 by the value or text that curl thinks fit, as described below.
3237 All variables are specified as %{variable_name} and to output a
3238 normal % you just write them as %%. You can output a newline by
3239 using \n, a carriage return with \r and a tab space with \t.
3240 The output will be written to standard output, but this can be
3242 switched to standard error by using %{stderr}.
3243 NOTE: The %-symbol is a special symbol in the win32-environment,
3245 where all occurrences of % must be doubled when using this
3246 option.
3247 The variables available are:
3249 content_type The Content-Type of the requested document, if
3251 there was any.
3252 filename_effective
3254 The ultimate filename that curl writes out to.
3255 This is only meaningful if curl is told to write
3256 to a file with the -O, --remote-name or -o,
3257 --output option. It's most useful in combination
3258 with the -J, --remote-header-name option. (Added
3259 in 7.26.0)
3260 ftp_entry_path The initial path curl ended up in when logging on
3262 to the remote FTP server. (Added in 7.15.4)
3263 http_code The numerical response code that was found in the
3265 last retrieved HTTP(S) or FTP(s) transfer. In
3266 7.18.2 the alias response_code was added to show
3267 the same info.
3268 http_connect The numerical code that was found in the last
3270 response (from a proxy) to a curl CONNECT
3271 request. (Added in 7.12.4)
3272 http_version The http version that was effectively used.
3274 (Added in 7.50.0)
3275 local_ip The IP address of the local end of the most
3277 recently done connection - can be either IPv4 or
3278 IPv6 (Added in 7.29.0)
3279 local_port The local port number of the most recently done
3281 connection (Added in 7.29.0)
3282 num_connects Number of new connects made in the recent trans‐
3284 fer. (Added in 7.12.3)
3285 num_redirects Number of redirects that were followed in the
3287 request. (Added in 7.12.3)
3288 proxy_ssl_verify_result
3290 The result of the HTTPS proxy's SSL peer certifi‐
3291 cate verification that was requested. 0 means the
3292 verification was successful. (Added in 7.52.0)
3293 redirect_url When an HTTP request was made without -L, --loca‐
3295 tion to follow redirects (or when --max-redir is
3296 met), this variable will show the actual URL a
3297 redirect would have gone to. (Added in 7.18.2)
3298 remote_ip The remote IP address of the most recently done
3300 connection - can be either IPv4 or IPv6 (Added in
3301 7.29.0)
3302 remote_port The remote port number of the most recently done
3304 connection (Added in 7.29.0)
3305 scheme The URL scheme (sometimes called protocol) that
3307 was effectively used (Added in 7.52.0)
3308 size_download The total amount of bytes that were downloaded.
3310 size_header The total amount of bytes of the downloaded head‐
3312 ers.
3313 size_request The total amount of bytes that were sent in the
3315 HTTP request.
3316 size_upload The total amount of bytes that were uploaded.
3318 speed_download The average download speed that curl measured for
3320 the complete download. Bytes per second.
3321 speed_upload The average upload speed that curl measured for
3323 the complete upload. Bytes per second.
3324 ssl_verify_result
3326 The result of the SSL peer certificate verifica‐
3327 tion that was requested. 0 means the verification
3328 was successful. (Added in 7.19.0)
3329 stderr From this point on, the -w, --write-out output
3331 will be written to standard error. (Added in
3332 7.63.0)
3333 stdout From this point on, the -w, --write-out output
3335 will be written to standard output. This is the
3336 default, but can be used to switch back after
3337 switching to stderr. (Added in 7.63.0)
3338 time_appconnect
3340 The time, in seconds, it took from the start
3341 until the SSL/SSH/etc connect/handshake to the
3342 remote host was completed. (Added in 7.19.0)
3343 time_connect The time, in seconds, it took from the start
3345 until the TCP connect to the remote host (or
3346 proxy) was completed.
3347 time_namelookup
3349 The time, in seconds, it took from the start
3350 until the name resolving was completed.
3351 time_pretransfer
3353 The time, in seconds, it took from the start
3354 until the file transfer was just about to begin.
3355 This includes all pre-transfer commands and nego‐
3356 tiations that are specific to the particular pro‐
3357 tocol(s) involved.
3358 time_redirect The time, in seconds, it took for all redirection
3360 steps including name lookup, connect, pretransfer
3361 and transfer before the final transaction was
3362 started. time_redirect shows the complete execu‐
3363 tion time for multiple redirections. (Added in
3364 7.12.3)
3365 time_starttransfer
3367 The time, in seconds, it took from the start
3368 until the first byte was just about to be trans‐
3369 ferred. This includes time_pretransfer and also
3370 the time the server needed to calculate the
3371 result.
3372 time_total The total time, in seconds, that the full opera‐
3374 tion lasted.
3375 url_effective The URL that was fetched last. This is most mean‐
3377 ingful if you've told curl to follow location:
3378 headers.
3379 If this option is used several times, the last one will be used.
3381 --xattr
3383 When saving output to a file, this option tells curl to store
3384 certain file metadata in extended file attributes. Currently,
3385 the URL is stored in the xdg.origin.url attribute and, for HTTP,
3386 the content type is stored in the mime_type attribute. If the
3387 file system does not support extended attributes, a warning is
3388 issued.
3389
3391 ~/.curlrc
3392 Default config file, see -K, --config for details.
3393
3395 The environment variables can be specified in lower case or upper case.
3396 The lower case version has precedence. http_proxy is an exception as it
3397 is only available in lower case.
3398 Using an environment variable to set the proxy has the same effect as
3400 using the -x, --proxy option.
3401 http_proxy [protocol://]<host>[:port]
3404 Sets the proxy server to use for HTTP.
3405 HTTPS_PROXY [protocol://]<host>[:port]
3407 Sets the proxy server to use for HTTPS.
3408 [url-protocol]_PROXY [protocol://]<host>[:port]
3410 Sets the proxy server to use for [url-protocol], where the pro‐
3411 tocol is a protocol that curl supports and as specified in a
3412 URL. FTP, FTPS, POP3, IMAP, SMTP, LDAP etc.
3413 ALL_PROXY [protocol://]<host>[:port]
3415 Sets the proxy server to use if no protocol-specific proxy is
3416 set.
3417 NO_PROXY <comma-separated list of hosts/domains>
3419 list of host names that shouldn't go through any proxy. If set
3420 to an asterisk '*' only, it matches all hosts. Each name in this
3421 list is matched as either a domain name which contains the host‐
3422 name, or the hostname itself.
3423 This environment variable disables use of the proxy even when
3425 specified with the -x, --proxy option. That is
3426 NO_PROXY=direct.example.com curl -x http://proxy.example.com
3427 http://direct.example.com accesses the target URL directly, and
3428 NO_PROXY=direct.example.com curl -x http://proxy.example.com
3429 http://somewhere.example.com accesses the target URL through the
3430 proxy.
3431 The list of host names can also be include numerical IP
3433 addresses, and IPv6 versions should then be given without
3434 enclosing brackets.
3435
3438 Since curl version 7.21.7, the proxy string may be specified with a
3439 protocol:// prefix to specify alternative proxy protocols.
3440 If no protocol is specified in the proxy string or if the string
3442 doesn't match a supported one, the proxy will be treated as an HTTP
3443 proxy.
3444 The supported proxy protocol prefixes are as follows:
3446 http://
3448 Makes it use it as an HTTP proxy. The default if no scheme pre‐
3449 fix is used.
3450 https://
3452 Makes it treated as an HTTPS proxy.
3453 socks4://
3455 Makes it the equivalent of --socks4
3456 socks4a://
3458 Makes it the equivalent of --socks4a
3459 socks5://
3461 Makes it the equivalent of --socks5
3462 socks5h://
3464 Makes it the equivalent of --socks5-hostname
3465
3467 There are a bunch of different error codes and their corresponding
3468 error messages that may appear during bad conditions. At the time of
3469 this writing, the exit codes are:
3470 1 Unsupported protocol. This build of curl has no support for this
3472 protocol.
3473 2 Failed to initialize.
3475 3 URL malformed. The syntax was not correct.
3477 4 A feature or option that was needed to perform the desired
3479 request was not enabled or was explicitly disabled at build-
3480 time. To make curl able to do this, you probably need another
3481 build of libcurl!
3482 5 Couldn't resolve proxy. The given proxy host could not be
3484 resolved.
3485 6 Couldn't resolve host. The given remote host was not resolved.
3487 7 Failed to connect to host.
3489 8 Weird server reply. The server sent data curl couldn't parse.
3491 9 FTP access denied. The server denied login or denied access to
3493 the particular resource or directory you wanted to reach. Most
3494 often you tried to change to a directory that doesn't exist on
3495 the server.
3496 10 FTP accept failed. While waiting for the server to connect back
3498 when an active FTP session is used, an error code was sent over
3499 the control connection or similar.
3500 11 FTP weird PASS reply. Curl couldn't parse the reply sent to the
3502 PASS request.
3503 12 During an active FTP session while waiting for the server to
3505 connect back to curl, the timeout expired.
3506 13 FTP weird PASV reply, Curl couldn't parse the reply sent to the
3508 PASV request.
3509 14 FTP weird 227 format. Curl couldn't parse the 227-line the
3511 server sent.
3512 15 FTP can't get host. Couldn't resolve the host IP we got in the
3514 227-line.
3515 16 HTTP/2 error. A problem was detected in the HTTP2 framing layer.
3517 This is somewhat generic and can be one out of several problems,
3518 see the error message for details.
3519 17 FTP couldn't set binary. Couldn't change transfer method to
3521 binary.
3522 18 Partial file. Only a part of the file was transferred.
3524 19 FTP couldn't download/access the given file, the RETR (or simi‐
3526 lar) command failed.
3527 21 FTP quote error. A quote command returned error from the server.
3529 22 HTTP page not retrieved. The requested url was not found or
3531 returned another error with the HTTP error code being 400 or
3532 above. This return code only appears if -f, --fail is used.
3533 23 Write error. Curl couldn't write data to a local filesystem or
3535 similar.
3536 25 FTP couldn't STOR file. The server denied the STOR operation,
3538 used for FTP uploading.
3539 26 Read error. Various reading problems.
3541 27 Out of memory. A memory allocation request failed.
3543 28 Operation timeout. The specified time-out period was reached
3545 according to the conditions.
3546 30 FTP PORT failed. The PORT command failed. Not all FTP servers
3548 support the PORT command, try doing a transfer using PASV
3549 instead!
3550 31 FTP couldn't use REST. The REST command failed. This command is
3552 used for resumed FTP transfers.
3553 33 HTTP range error. The range "command" didn't work.
3555 34 HTTP post error. Internal post-request generation error.
3557 35 SSL connect error. The SSL handshaking failed.
3559 36 Bad download resume. Couldn't continue an earlier aborted down‐
3561 load.
3562 37 FILE couldn't read file. Failed to open the file. Permissions?
3564 38 LDAP cannot bind. LDAP bind operation failed.
3566 39 LDAP search failed.
3568 41 Function not found. A required LDAP function was not found.
3570 42 Aborted by callback. An application told curl to abort the oper‐
3572 ation.
3573 43 Internal error. A function was called with a bad parameter.
3575 45 Interface error. A specified outgoing interface could not be
3577 used.
3578 47 Too many redirects. When following redirects, curl hit the maxi‐
3580 mum amount.
3581 48 Unknown option specified to libcurl. This indicates that you
3583 passed a weird option to curl that was passed on to libcurl and
3584 rejected. Read up in the manual!
3585 49 Malformed telnet option.
3587 51 The peer's SSL certificate or SSH MD5 fingerprint was not OK.
3589 52 The server didn't reply anything, which here is considered an
3591 error.
3592 53 SSL crypto engine not found.
3594 54 Cannot set SSL crypto engine as default.
3596 55 Failed sending network data.
3598 56 Failure in receiving network data.
3600 58 Problem with the local certificate.
3602 59 Couldn't use specified SSL cipher.
3604 60 Peer certificate cannot be authenticated with known CA certifi‐
3606 cates.
3607 61 Unrecognized transfer encoding.
3609 62 Invalid LDAP URL.
3611 63 Maximum file size exceeded.
3613 64 Requested FTP SSL level failed.
3615 65 Sending the data requires a rewind that failed.
3617 66 Failed to initialise SSL Engine.
3619 67 The user name, password, or similar was not accepted and curl
3621 failed to log in.
3622 68 File not found on TFTP server.
3624 69 Permission problem on TFTP server.
3626 70 Out of disk space on TFTP server.
3628 71 Illegal TFTP operation.
3630 72 Unknown TFTP transfer ID.
3632 73 File already exists (TFTP).
3634 74 No such user (TFTP).
3636 75 Character conversion failed.
3638 76 Character conversion functions required.
3640 77 Problem with reading the SSL CA cert (path? access rights?).
3642 78 The resource referenced in the URL does not exist.
3644 79 An unspecified error occurred during the SSH session.
3646 80 Failed to shut down the SSL connection.
3648 82 Could not load CRL file, missing or wrong format (added in
3650 7.19.0).
3651 83 Issuer check failed (added in 7.19.0).
3653 84 The FTP PRET command failed
3655 85 RTSP: mismatch of CSeq numbers
3657 86 RTSP: mismatch of Session Identifiers
3659 87 unable to parse FTP file list
3661 88 FTP chunk callback reported error
3663 89 No connection available, the session will be queued
3665 90 SSL public key does not matched pinned public key
3667 91 Invalid SSL certificate status.
3669 92 Stream error in HTTP/2 framing layer.
3671 XX More error codes will appear here in future releases. The exist‐
3673 ing ones are meant to never change.
3674
3676 Daniel Stenberg is the main author, but the whole list of contributors
3677 is found in the separate THANKS file.
3678
3680 https://curl.haxx.se
3681
3683 ftp(1), wget(1)
3684Curl 7.66.0 November 16, 2016 curl(1)