FreeBSD Manual Pages

home | help

curl(1) curl Manual curl(1)

NAME
curl - transfer a URL

SYNOPSIS
curl [options / URLs]

DESCRIPTION
curl is a tool for transferring data from or to a server using URLs. It
supports these protocols: DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP,
HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP,
SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET, TFTP, WS and WSS.

curl is powered by libcurl for all transfer-related features. See
libcurl(3) for details.

URL
The URL syntax is protocol-dependent. You find a detailed description
in RFC 3986.

If you provide a URL without a leading protocol:// scheme, curl guesses
what protocol you want. It then defaults to HTTP but assumes others
based on often-used hostname prefixes. For example, for hostnames
starting with "ftp." curl assumes you want FTP.

You can specify any amount of URLs on the command line. They are
fetched in a sequential manner in the specified order unless you use
-Z, --parallel. You can specify command line options and URLs mixed and
in any order on the command line.

curl attempts to reuse connections when doing multiple transfers, so
that getting many files from the same server do not use multiple con-
nects and setup handshakes. This improves speed. Connection reuse can
only be done for URLs specified for a single command line invocation
and cannot be performed between separate curl runs.

Provide an IPv6 zone id in the URL with an escaped percentage sign.
Like in

"http://[fe80::3%25eth0]/"

Everything provided on the command line that is not a command line op-
tion or its argument, curl assumes is a URL and treats it as such.

GLOBBING
You can specify multiple URLs or parts of URLs by writing lists within
braces or ranges within brackets. We call this "globbing".

Provide a list with three different names like this:

"http://site.{one,two,three}.com"

Do sequences of alphanumeric series by using [] as in:

"ftp://ftp.example.com/file[1-100].txt"

With leading zeroes:

"ftp://ftp.example.com/file[001-100].txt"

With letters through the alphabet:

"ftp://ftp.example.com/file[a-z].txt"

Nested sequences are not supported, but you can use several ones next
to each other:

"http://example.com/archive[1996-1999]/vol[1-4]/part{a,b,c}.html"

You can specify a step counter for the ranges to get every Nth number
or letter:

"http://example.com/file[1-100:10].txt"

"http://example.com/file[a-z:2].txt"

When using [] or {} sequences when invoked from a command line prompt,
you probably have to put the full URL within double quotes to avoid the
shell from interfering with it. This also goes for other characters
treated special, like for example '&', '?' and '*'.

Switch off globbing with -g, --globoff.

VARIABLES
curl supports command line variables (added in 8.3.0). Set variables
with --variable name=content or --variable name@file (where "file" can
be stdin if set to a single dash (-)).

Variable contents can be expanded in option parameters using "{{name}}"
if the option name is prefixed with "--expand-". This gets the contents
of the variable "name" inserted, or a blank if the name does not exist
as a variable. Insert "{{" verbatim in the string by prefixing it with
a backslash, like "\{{".

You access and expand environment variables by first importing them.
You select to either require the environment variable to be set or you
can provide a default value in case it is not already set. Plain
"--variable %name" imports the variable called "name" but exits with an
error if that environment variable is not already set. To provide a de-
fault value if it is not set, use "--variable %name=content" or
"--variable %name@content".

Example. Get the USER environment variable into the URL, fail if USER
is not set:

--variable '%USER'
--expand-url = "https://example.com/api/{{USER}}/method"

When expanding variables, curl supports a set of functions that can
make the variable contents more convenient to use. It can trim leading
and trailing white space with "trim", it can output the contents as a
JSON quoted string with "json", URL encode the string with "url",
base64 encode it with "b64" and base64 decode it with "64dec". To apply
functions to a variable expansion, add them colon separated to the
right side of the variable. Variable content holding null bytes that
are not encoded when expanded causes an error.

Example: get the contents of a file called $HOME/.secret into a vari-
able called "fix". Make sure that the content is trimmed and per-
cent-encoded when sent as POST data:

--variable %HOME
--expand-variable fix@{{HOME}}/.secret
--expand-data "{{fix:trim:url}}"
https://example.com/

Command line variables and expansions were added in 8.3.0.

OUTPUT
If not told otherwise, curl writes the received data to stdout. It can
be instructed to instead save that data into a local file, using the
-o, --output or -O, --remote-name options. If curl is given multiple
URLs to transfer on the command line, it similarly needs multiple op-
tions for where to save them.

curl does not parse or otherwise "understand" the content it gets or
writes as output. It does no encoding or decoding, unless explicitly
asked to with dedicated command line options.

PROTOCOLS
curl supports numerous protocols, or put in URL terms: schemes. Your
particular build may not support them all.

DICT Lets you lookup words using online dictionaries.

FILE Read or write local files. curl does not support accessing
file:// URL remotely, but when running on Microsoft Windows us-
ing the native UNC approach works. Only absolute paths.

FTP(S) curl supports the File Transfer Protocol with a lot of tweaks
and levers. With or without using TLS.

GOPHER(S)
Retrieve files.

HTTP(S)
curl supports HTTP with numerous options and variations. It can
speak HTTP version 0.9, 1.0, 1.1, 2 and 3 depending on build op-
tions and the correct command line options.

IMAP(S)
Using the mail reading protocol, curl can download emails for
you. With or without using TLS.

LDAP(S)
curl can do directory lookups for you, with or without TLS.

MQTT curl supports MQTT version 3. Downloading over MQTT equals sub-
scribing to a topic while uploading/posting equals publishing on
a topic. MQTT over TLS is not supported (yet).

POP3(S)
Downloading from a pop3 server means getting an email. With or
without using TLS.

RTMP(S)
The Realtime Messaging Protocol is primarily used to serve
streaming media and curl can download it.

RTSP curl supports RTSP 1.0 downloads.

SCP curl supports SSH version 2 scp transfers.

SFTP curl supports SFTP (draft 5) done over SSH version 2.

SMB(S) curl supports SMB version 1 for upload and download.

SMTP(S)
Uploading contents to an SMTP server means sending an email.
With or without TLS.

TELNET Fetching a telnet URL starts an interactive session where it
sends what it reads on stdin and outputs what the server sends
it.

TFTP curl can do TFTP downloads and uploads.

WS(S) WebSocket done over HTTP/1. WSS implies that it works over
HTTPS.

PROGRESS METER
curl normally displays a progress meter during operations, indicating
the amount of transferred data, transfer speeds and estimated time
left, etc. The progress meter displays the transfer rate in bytes per
second. The suffixes (k, M, G, T, P) are 1024 based. For example 1k is
1024 bytes. 1M is 1048576 bytes.

curl displays this data to the terminal by default, so if you invoke
curl to do an operation and it is about to write data to the terminal,
it disables the progress meter as otherwise it would mess up the output
mixing progress meter and response data.

If you want a progress meter for HTTP POST or PUT requests, you need to
redirect the response output to a file, using shell redirect (>), -o,
--output or similar.

This does not apply to FTP upload as that operation does not spit out
any response data to the terminal.

If you prefer a progress bar instead of the regular meter, -#,
--progress-bar is your friend. You can also disable the progress meter
completely with the -s, --silent option.

VERSION
This man page describes curl 8.16.0. If you use a later version,
chances are this man page does not fully document it. If you use an
earlier version, this document tries to include version information
about which specific version that introduced changes.

You can always learn which the latest curl version is by running

curl https://curl.se/info

The online version of this man page is always showing the latest incar-
nation: https://curl.se/docs/manpage.html

OPTIONS
Options start with one or two dashes. Many of the options require an
additional value next to them. If provided text does not start with a
dash, it is presumed to be and treated as a URL.

The short "single-dash" form of the options, -d for example, may be
used with or without a space between it and its value, although a space
is a recommended separator. The long double-dash form, -d, --data for
example, requires a space between it and its value.

Short version options that do not need any additional values can be
used immediately next to each other, like for example you can specify
all the options -O, -L and -v at once as -OLv.

In general, all boolean options are enabled with --option and yet again
disabled with --no-option. That is, you use the same option name but
prefix it with "no-". However, in this list we mostly only list and
show the --option version of them.

When -:, --next is used, it resets the parser state and you start again
with a clean option state, except for the options that are global.
Global options retain their values and meaning even after -:, --next.

If the long option name ends with an equals sign ("="), the argument is
the text following on its right side. (Added in 8.16.0)

The first argument that is exactly two dashes ("--"), marks the end of
options; any argument after the end of options is interpreted as a URL
argument even if it starts with a dash.

curl does little to no verification of the contents of command line ar-
guments. Passing in "creative octets" like newlines might trigger un-
expected results.

The following options are global: --fail-early, --libcurl, --paral-
lel-immediate, --parallel-max-host, --parallel-max, -Z, --parallel, -#,
--progress-bar, --rate, -S, --show-error, --stderr, --styled-output,
--trace-ascii, --trace-config, --trace-ids, --trace-time, --trace and
-v, --verbose.

ALL OPTIONS
--abstract-unix-socket <path>
(HTTP) Connect through an abstract Unix domain socket, instead
of using the network. Note: netstat shows the path of an ab-
stract socket prefixed with "@", however the <path> argument
should not have this leading character.

If --abstract-unix-socket is provided several times, the last
set value is used.

Example:
curl --abstract-unix-socket socketpath https://example.com

See also -x, --proxy.

--ntlm (HTTP) Use NTLM authentication. The NTLM authentication method
was designed by Microsoft and is used by IIS web servers. It is
a proprietary protocol, reverse-engineered by clever people and
implemented in curl based on their efforts. This kind of behav-
ior should not be endorsed, you should encourage everyone who
uses NTLM to switch to a public and documented authentication
method instead, such as Digest.

If you want to enable NTLM for your proxy authentication, then
use --proxy-ntlm.

Providing --ntlm multiple times has no extra effect. Disable it
again with --no-ntlm.

Example:
curl --ntlm -u user:password https://example.com

--ntlm requires that libcurl is built to support TLS. See also
--proxy-ntlm.

--ntlm-wb
(HTTP) Deprecated option (added in 8.8.0).

Enabled NTLM much in the style --ntlm does, but handed over the
authentication to a separate executable that was executed when
needed.

Providing --ntlm-wb multiple times has no extra effect.

Example:
curl --ntlm-wb -u user:password https://example.com

See also -x, --proxy.

--proxy-http2
(HTTP) Negotiate HTTP/2 with an HTTPS proxy. The proxy might
still only offer HTTP/1 and then curl sticks to using that ver-
sion.

This has no effect for any other kinds of proxies.

Providing --proxy-http2 multiple times has no extra effect.
Disable it again with --no-proxy-http2.

Example:
curl --proxy-http2 -x proxy https://example.com

--proxy-http2 requires that libcurl is built to support HTTP/2.
Added in 8.1.0. See also -x, --proxy.

--proxy-insecure
Same as -k, --insecure but used in HTTPS proxy context.

Every secure connection curl makes is verified to be secure be-
fore the transfer takes place. This option makes curl skip the
verification step with a proxy and proceed without checking.

When this option is not used for a proxy using HTTPS, curl veri-
fies the proxy's TLS certificate before it continues: that the
certificate contains the right name which matches the hostname
and that the certificate has been signed by a CA certificate
present in the cert store. See this online resource for further
details: https://curl.se/docs/sslcerts.html

WARNING: using this option makes the transfer to the proxy inse-
cure.

Providing --proxy-insecure multiple times has no extra effect.
Disable it again with --no-proxy-insecure.

Example:
curl --proxy-insecure -x https://proxy https://example.com

See also -x, --proxy and -k, --insecure.

--proxy-key <key>
Specify the filename for your private key when using client cer-
tificates with your HTTPS proxy. This option is the equivalent
to --key but used in HTTPS proxy context.

If --proxy-key is provided several times, the last set value is
used.

Example:
curl --proxy-key here -x https://proxy https://example.com

See also --proxy-key-type and -x, --proxy.

--proxy-key-type <type>
Specify the private key file type your --proxy-key provided pri-
vate key uses. DER, PEM, and ENG are supported. If not speci-
fied, PEM is assumed.

Equivalent to --key-type but used in HTTPS proxy context.

If --proxy-key-type is provided several times, the last set
value is used.

Example:
curl --proxy-key-type DER --proxy-key here -x https://proxy https://example.com

See also -x, --proxy.

-U, --proxy-user <user:password>
Specify the username and password to use for proxy authentica-
tion.

If you use a Windows SSPI-enabled curl binary and do either Ne-
gotiate or NTLM authentication then you can tell curl to select
the username and password from your environment by specifying a
single colon with this option: "-U :".

On systems where it works, curl hides the given option argument
from process listings. This is not enough to protect credentials
from possibly getting seen by other users on the same system as
they still are visible for a moment before being cleared. Such
sensitive data should be retrieved from a file instead or simi-
lar and never used in clear text in a command line.

If --proxy-user is provided several times, the last set value is
used.

Example:
curl --proxy-user smith:secret -x proxy https://example.com

See also -x, --proxy.

--pubkey <key>
(SFTP SCP) Public key filename. Allows you to provide your pub-
lic key in this separate file.

curl attempts to automatically extract the public key from the
private key file, so passing this option is generally not re-
quired. Note that this public key extraction requires libcurl to
be linked against a copy of libssh2 1.2.8 or higher that is it-
self linked against OpenSSL.

If --pubkey is provided several times, the last set value is
used.

Example:
curl --pubkey file.pub sftp://example.com/

See also --socks5.

--socks5-gssapi
Use GSS-API authentication when connecting to a SOCKS5 proxy.
The GSS-API authentication is enabled by default (if curl is
compiled with GSS-API support). Use --socks5-basic to force
username/password authentication to SOCKS5 proxies.

Providing --socks5-gssapi multiple times has no extra effect.
Disable it again with --no-socks5-gssapi.

Example:
curl --socks5-gssapi --socks5 hostname:4096 https://example.com

See also --socks5.

--socks5-gssapi-nec
As part of the GSS-API negotiation a protection mode is negoti-
ated. RFC 1961 says in section 4.3/4.4 it should be protected,
but the NEC reference implementation does not. The option
--socks5-gssapi-nec allows the unprotected exchange of the pro-
tection mode negotiation.

Providing --socks5-gssapi-nec multiple times has no extra ef-
fect. Disable it again with --no-socks5-gssapi-nec.

Example:
curl --socks5-gssapi-nec --socks5 hostname:4096 https://example.com

See also --socks5.

--socks5-gssapi-service <name>
Set the service name for a socks server. Default is
rcmd/server-fqdn.

If --socks5-gssapi-service is provided several times, the last
set value is used.

Example:
curl --socks5-gssapi-service sockd --socks5 hostname:4096 https://example.com

See also --socks5.

--socks5-hostname <host[:port]>
Use the specified SOCKS5 proxy (and let the proxy resolve the
hostname). If the port number is not specified, it is assumed at
port 1080.

To specify proxy on a Unix domain socket, use localhost for
host, e.g. "socks5h://localhost/path/to/socket.sock"

This option overrides any previous use of -x, --proxy, as they
are mutually exclusive.

This option is superfluous since you can specify a socks5 host-
name proxy with -x, --proxy using a socks5h:// protocol prefix.

If --socks5-hostname is provided several times, the last set
value is used.

Example:
curl --socks5-hostname proxy.example:7000 https://example.com

Header And Logo

Peripheral Links

Site Navigation

FreeBSD Manual Pages

Header And Logo

Peripheral Links

Search

Site Navigation

FreeBSD Manual Pages