TIPS - Curl: Difference between revisions

From PedroWiki
(Only request response headers)
 
(2 intermediate revisions by the same user not shown)
Line 4: Line 4:
  
 
= Curl calls =
 
= Curl calls =
 +
 +
== Curl with verbose result ==
 +
 +
Curl option: -v (or --verbose).
  
 
== Fake the DNS resolution ==
 
== Fake the DNS resolution ==
Line 11: Line 15:
 
* your website is behind a reverse proxy, but you want to access the underlying web service with appropriate host header in your request.
 
* your website is behind a reverse proxy, but you want to access the underlying web service with appropriate host header in your request.
  
  curl --resolv <my.domain>:443:<IP> https://<my.domain>[/<my_uri>]
+
  curl --resolve <my.domain>:443:<IP> https://<my.domain>[/<my_uri>]
  
 
== Add a request header ==
 
== Add a request header ==
  
Curl option: -H
+
Curl option: -H (or --header).
  
 
Sample call:
 
Sample call:
  
 
  curl -IL -H '<header name>:<header value>' https://<URL to curl>
 
  curl -IL -H '<header name>:<header value>' https://<URL to curl>
 +
 +
== Only request response headers ==
 +
 +
Curl option: -I
 +
 +
See previous sample.
 +
 +
== Request CORS headers ==
 +
 +
curl -I -X OPTIONS -H "Origin: http://EXAMPLE.COM" -H 'Access-Control-Request-Method: GET' http://EXAMPLE.COM/SOMETHING 2>&1 | grep 'Access-Control-Allow-Origin'
 +
 +
== Don't check SSL certificate ==
 +
 +
This option may be useful in some situations:
 +
* SSL deep inspection on the path, recyphering being done with a self-signed certificate or a cert emitted by a CA not present in your local CA store.
 +
* Test a WAF or reverse proxy configuration not totally ready regarding SSL configuration.
 +
 +
Curl option: -k (or --insecure).
 +
 +
Sample:
 +
 +
curl -k https://<IP> -I -v --header 'Host:<the real hostname your request for>'
 +
 +
[[Category:Howto]]
 +
[[Category:Linux]]
 +
[[Category:Web]]
 +
[[Category:Troubleshooting]]
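Review bot: the added `-k` sample connects to `https://<IP>` and sets only the `Host` header, so the TLS handshake carries no SNI for the real hostname; a name-based WAF or reverse proxy may then answer with its default virtual host and certificate, and `-k` hides the mismatch. Suggest reusing the `--resolve <my.domain>:443:<IP>` form from the "Fake the DNS resolution" section, which sends both SNI and Host, and adding `-k` only when the issuing CA is really absent (or passing the inspection CA with `--cacert` instead). In the CORS line of the same hunk, `grep 'Access-Control-Allow-Origin'` is case-sensitive and curl prints HTTP/2 header names in lowercase, so `grep -i` would be safer.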

Current revision as of 25 September 2023 at 14:51

Introduction

This article lists a few ways to call curl, depending on your need.

Curl calls

Curl with verbose result

Curl option: -v (or --verbose).

Fake the DNS resolution

Use case:

  • your website is behind a WAF and the FQDN resolves to it instead of the web server directly (the origin).
  • your website is behind a reverse proxy, but you want to access the underlying web service with the appropriate Host header in your request.
curl --resolve <my.domain>:443:<IP> https://<my.domain>[/<my_uri>]

Add a request header

Curl option: -H (or --header).

Sample call:

curl -IL -H '<header name>:<header value>' https://<URL to curl>

Only request response headers

Curl option: -I

See previous sample.

Request CORS headers

curl -I -X OPTIONS -H "Origin: http://EXAMPLE.COM" -H 'Access-Control-Request-Method: GET' http://EXAMPLE.COM/SOMETHING 2>&1 | grep 'Access-Control-Allow-Origin'
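
The grep above is case-sensitive and only shows the raw header line. As an added example (not part of the original page), this shell function reads the headers printed by that curl call and classifies the answer for the origin you sent; the function names `cors_verdict` and `sample_response` and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# Feed it the response headers of the preflight request, e.g.:
#   curl -s -I -X OPTIONS -H "Origin: $origin" \
#        -H 'Access-Control-Request-Method: GET' "$url" | cors_verdict "$origin"
# Prints one of: exact, wildcard, wildcard+credentials, mismatch, none
cors_verdict() {
    origin=$1
    awk -v origin="$origin" '
        { sub(/\r$/, "") }                        # curl keeps the CRLF line endings
        {
            i = index($0, ":")
            if (i == 0) next                      # status line or blank line
            name  = tolower(substr($0, 1, i - 1)) # HTTP/2 names arrive in lowercase
            value = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", value)
            if (name == "access-control-allow-origin")      acao = value
            if (name == "access-control-allow-credentials") cred = tolower(value)
        }
        END {
            if (acao == "")          print "none"      # no CORS answer at all
            else if (acao == "*")                      # browsers refuse "*" together
                print (cred == "true" ? "wildcard+credentials" : "wildcard")
            else if (acao == origin) print "exact"     # server echoed our origin
            else                     print "mismatch"  # allowed origin is another one
        }'
}

# Constructed sample response (HTTP/2 style: lowercase names, CRLF endings).
sample_response() {
    printf 'HTTP/2 204\r\naccess-control-allow-origin: http://EXAMPLE.COM\r\nvary: Origin\r\n\r\n'
}

sample_response | cors_verdict 'http://EXAMPLE.COM'
```

With `-L`, curl prints one header block per hop; the function reports the values of the last block.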

Don't check SSL certificate

This option may be useful in some situations:

  • SSL deep inspection on the path, with re-encryption done using a self-signed certificate or a certificate issued by a CA that is not present in your local CA store.
  • Testing a WAF or reverse proxy whose SSL configuration is not fully ready yet.

Curl option: -k (or --insecure). It turns off certificate verification for that call, so the server you reach is not authenticated.

Sample:

curl -k https://<IP> -I -v --header 'Host:<the real hostname you are requesting>'