Setup Proxy for CURL in Ubuntu running on WSL (Windows Subsystem for Linux)


If the Windows host machine is running behind a proxy (e.g. a corporate proxy in an office network), the proxy server and proxy authentication must be passed to, or configured for, cURL commands.

Let's explore multiple ways to do it.

CURL option "proxy" and "proxy-user"

The cURL command has the options -x, --proxy [protocol://]host[:port] and -U, --proxy-user <user:password> to pass the proxy server and proxy authentication details directly. This approach exposes the credentials on the command line (command-line leakage), and we don't want to type them each time, so let's move towards a permanent solution.

abhijit@AwsJunkie:~$ curl --manual
   -U, --proxy-user <user:password>
          Specify  the user name and password to use for proxy authentica-
          tion.

          If you use a Windows SSPI-enabled curl binary and do either  Ne-
          gotiate  or NTLM authentication then you can tell curl to select
          the user name and password from your environment by specifying a
          single colon with this option: "-U :".

          On systems where it works, curl will hide the given option argu-
          ment from process listings. This is not enough to  protect  cre-
          dentials  from  possibly getting seen by other users on the same
          system as they will still be visible for a brief  moment  before
          cleared. Such sensitive data should be retrieved from a file in-
          stead or similar and never used in clear text in a command line.
          If this option is used several times, the last one will be used.

   -x, --proxy [protocol://]host[:port]
          Use the specified proxy.

          The proxy string can be specified with a protocol:// prefix.  No
          protocol specified or http:// will be treated as HTTP proxy. Use
          socks4://, socks4a://, socks5:// or socks5h:// to request a spe-
          cific SOCKS version to be used.  (The protocol support was added
          in curl 7.21.7)

          HTTPS proxy support via https:// protocol prefix  was  added  in
          7.52.0 for OpenSSL, GnuTLS and NSS.

          Unrecognized  and  unsupported  proxy  protocols  cause an error
          since 7.52.0.  Prior versions may ignore the  protocol  and  use
          http:// instead.

          If  the  port number is not specified in the proxy string, it is
          assumed to be 1080.

          This option overrides existing environment  variables  that  set
          the  proxy  to use. If there's an environment variable setting a
          proxy, you can set proxy to "" to override it.

          All operations that are performed over an HTTP proxy will trans-
          parently  be  converted  to HTTP. It means that certain protocol
          specific operations might not be available. This is not the case
          if you can tunnel through the proxy, as one with the -p, --prox-
          ytunnel option.

          User and password that might be provided in the proxy string are
          URL  decoded by curl. This allows you to pass in special charac-
          ters such as @ by using %40 or pass in a colon with %3a.

          The proxy host can be specified the exact same way as the  proxy
          environment  variables,  including the protocol prefix (http://)
          and the embedded user + password.

          If this option is used several times, the last one will be used.

Note:
If the user name or password contains any special characters (e.g. '@' and ':'), use a URL encoder (e.g. https://www.urlencoder.org/) to encode each special character ('%40' and '%3A') and substitute the encoded form in the user name or password. As mentioned in curl --manual, it gets URL decoded by curl.

Environment Variables in Bash Profile

Setting the environment variables http_proxy and https_proxy with the export command works only for the current session, but we can make it permanent by updating the bash profile (~/.profile).

Let's open ~/.profile

abhijit@AwsJunkie:~$ nano ~/.profile

Append the following variables.

export http_proxy="http://user:password@127.0.0.1:8080"
export https_proxy="http://user:password@127.0.0.1:8080"

Load the change.

abhijit@AwsJunkie:~$ source ~/.profile

Verify

abhijit@AwsJunkie:~$ curl -I example.com
HTTP/1.1 200 OK
Content-Encoding: gzip
Accept-Ranges: bytes
Age: 235046
Cache-Control: max-age=604800
Content-Type: text/html; charset=UTF-8
Date: Sun, 11 Sep 2022 05:18:38 GMT
Etag: "3147526947"
Expires: Sun, 18 Sep 2022 05:18:38 GMT
Last-Modified: Thu, 17 Oct 2019 07:18:26 GMT
Server: ECS (chb/0286)
X-Cache: HIT
Content-Length: 648

Note:
All these environment variables also apply to other applications (e.g. wget) that use http_proxy and https_proxy.
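As an added example (not code from the original post), the following shell functions percent-encode the credentials before they are embedded in http_proxy/https_proxy, as the earlier note requires. The function names and the ~/.proxy_pass file in the usage comment are assumptions; 127.0.0.1:8080 is the page's sample proxy.

```shell
#!/bin/sh
# Added example: percent-encode proxy credentials before embedding them
# in http_proxy/https_proxy. Function names are assumptions.

# urlencode STRING: encode every byte outside the RFC 3986 unreserved set.
urlencode() (
    LC_ALL=C                  # match byte by byte, whatever the locale
    s=$1 out=
    while [ -n "$s" ]; do
        rest=${s#?}           # everything after the first character
        c=${s%"$rest"}        # the first character itself
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *)  # dump the bytes as hex, upper-case them, prefix each with %
                hex=$(printf '%s' "$c" | od -An -tx1 | tr -d ' \n' |
                      tr 'a-f' 'A-F' | sed 's/../%&/g')
                out=$out$hex ;;
        esac
        s=$rest
    done
    printf '%s\n' "$out"
)

# proxy_url USER HOST PORT: the password is read from stdin, so it never
# appears in a process argument list or in shell history.
proxy_url() (
    IFS= read -r pass || [ -n "$pass" ] || exit 1
    printf 'http://%s:%s@%s:%s\n' \
        "$(urlencode "$1")" "$(urlencode "$pass")" "$2" "$3"
)

# Usage (hypothetical password file, readable only by its owner):
#   export http_proxy="$(proxy_url user 127.0.0.1 8080 < ~/.proxy_pass)"
#   export https_proxy="$http_proxy"
```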

"Config File" feature of cURL

Unless the -q option is used, cURL always reads the command-line options written in the default config file (~/.curlrc) along with the command-line entries. If your use case is to use the proxy only for cURL commands, then this is probably the best option.

Open/Create cURL config file.

abhijit@AwsJunkie:~$ nano ~/.curlrc

Append the following two options.

proxy=http://127.0.0.1:8080
proxy-user=user:password

Verify.

abhijit@AwsJunkie:~$ curl -I example.com
HTTP/1.1 200 OK
Content-Encoding: gzip
Accept-Ranges: bytes
Age: 236633
Cache-Control: max-age=604800
Content-Type: text/html; charset=UTF-8
Date: Sun, 11 Sep 2022 05:45:05 GMT
Etag: "3147526947"
Expires: Sun, 18 Sep 2022 05:45:05 GMT
Last-Modified: Thu, 17 Oct 2019 07:18:26 GMT
Server: ECS (chb/0286)
X-Cache: HIT
Content-Length: 648
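Because ~/.curlrc now holds the proxy password in clear text, it should be readable only by its owner. The following is an added example (not from the original post) that writes the file with mode 0600 and checks an existing file for group or other access; the function names are assumptions, and the password is read from stdin rather than passed as an argument.

```shell
#!/bin/sh
# Added example: create a curl config file that only its owner can read,
# and check an existing one. Function names are assumptions.

# esc STRING: escape backslash and double quote for a quoted curlrc value.
esc() { printf '%s' "$1" | sed 's/[\\"]/\\&/g'; }

# write_curlrc FILE PROXY USER: the password is read from stdin.
write_curlrc() (
    file=$1 proxy=$2 user=$3
    IFS= read -r pass || [ -n "$pass" ] || exit 1
    umask 077                              # never create it world-readable
    tmp=$(mktemp "$file.XXXXXX") || exit 1
    printf 'proxy = "%s"\nproxy-user = "%s:%s"\n' \
        "$(esc "$proxy")" "$(esc "$user")" "$(esc "$pass")" >"$tmp" &&
        mv -f "$tmp" "$file"               # replace the old file in one step
)

# curlrc_is_private FILE: succeed only if group and other have no access.
# Returns 2 when the file does not exist.
curlrc_is_private() {
    [ -f "$1" ] || return 2
    perms=$(ls -ld -- "$1" | cut -c5-10)   # the group and other bits
    [ "$perms" = "------" ]
}

# Usage (the proxy address and user are the page's sample values):
#   write_curlrc ~/.curlrc http://127.0.0.1:8080 user   # then type the password
#   curlrc_is_private ~/.curlrc || chmod 600 ~/.curlrc
```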

To avoid network leakage, it is recommended to use an HTTPS proxy, or one of the authentication schemes Digest (--proxy-digest), Negotiate (--proxy-negotiate) or NTLM (--proxy-ntlm) for an HTTP proxy.

Please let me know which one works best for your use case. Or, if I missed any better option that you are using, please share it with us too. Thanks in advance.
