{"id":13717,"date":"2020-03-30T16:37:48","date_gmt":"2020-03-30T14:37:48","guid":{"rendered":"https:\/\/daniel.haxx.se\/blog\/?p=13717"},"modified":"2020-03-30T16:37:48","modified_gmt":"2020-03-30T14:37:48","slug":"curl-ootw-proxy-basic","status":"publish","type":"post","link":"https:\/\/daniel.haxx.se\/blog\/2020\/03\/30\/curl-ootw-proxy-basic\/","title":{"rendered":"curl ootw: –proxy-basic"},"content":{"rendered":"\n

Previous command line options of the week<\/a>.<\/p>\n\n\n\n

--proxy-basic<\/a><\/code> has no short option. This option is closely related to the option --proxy-user<\/a><\/code>, which has as separate blog post.<\/p>\n\n\n\n

This option has been provided and supported since curl 7.12.0, released in June 2004.<\/p>\n\n\n\n

Proxy<\/h2>\n\n\n\n

In curl terms, a proxy is an explicit middle man that is used to go through<\/em> when doing a transfer to or from a server:<\/p>\n\n\n\n

curl <=> proxy <=> server<\/strong><\/p>\n\n\n\n

curl supports several different kinds of proxies. This option is for HTTP(S) proxies.<\/p>\n\n\n\n

HTTP proxy authentication<\/h2>\n\n\n\n

Authentication<\/strong>: the process or action of proving or showing something to be true, genuine, or valid.<\/p><\/blockquote>\n\n\n\n

When it comes to proxies and curl, you typically provide name and password to be allowed to use the service. If the client provides the wrong user or password, the proxy will simply deny the client access with a 407 HTTP response code.<\/p>\n\n\n\n

curl supports several different HTTP proxy authentication methods, and the proxy can itself reply and inform the client which methods it supports. With the option of this week, --proxy-basic<\/code>, you ask curl to do the authentication using the Bas<\/em>ic method. “Basic” is indeed very basic but is the actual name of the method. Defined in RFC 7616<\/a>.<\/p>\n\n\n\n

Security<\/h2>\n\n\n\n

The Basic method sends the user and password in the clear<\/em> in the HTTP headers – they’re just base64 encoded. This is notoriously insecure.<\/p>\n\n\n\n

If the proxy is a HTTP proxy (as compared to a HTTPS proxy), users on your network or on the path between you and your HTTP proxy can see your credentials fly by!<\/p>\n\n\n\n

If the proxy is a HTTPS proxy however, the connection to it is protected by TLS and everything is encrypted over the wire and then the credentials that is sent in HTTP are protected from snoopers.<\/p>\n\n\n\n

Also note that if you pass in credentials to curl on the command line, they might be readable in the script where you do this from. Or if you do it interactively in a shell prompt, they might<\/em> be viewable in process listings on the machine – even if curl tries to hide them it isn’t supported everywhere.<\/p>\n\n\n\n

Example<\/h2>\n\n\n\n

Use a proxy with your name and password and ask for the Basic method specifically. Basic is also the default unless anything else is asked for.<\/p>\n\n\n\n

curl --proxy-user daniel:password123 --proxy-basic --proxy http:\/\/myproxy.example https:\/\/example.com<\/pre>\n\n\n\n
Related<\/h2>\n\n\n\n
With --proxy<\/a><\/code> you specify the proxy to use, and with --proxy-user<\/a><\/code> you provide the credentials.<\/p>\n\n\n\n
Also note that you can of course set and use entirely different credentials and HTTP authentication methods with the remote server even while using Basic with the HTTP(S) proxy.<\/p>\n\n\n\n
There are also other authentication methods to selected, with --proxy-anyauth<\/a><\/code> being a very practical one to know about.<\/p>\n","protected":false},"excerpt":{"rendered":"
Previous command line options of the week. –proxy-basic has no short option. This option is closely related to the option –proxy-user, which has as separate blog post. This option has been provided and supported since curl 7.12.0, released in June 2004. Proxy In curl terms, a proxy is an explicit middle man that is used … Continue reading curl ootw: –proxy-basic<\/span> →<\/span><\/a><\/p>\n","protected":false},"author":5,"featured_media":13041,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[33,486,316],"class_list":["post-13717","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-curl","tag-curl-and-libcurl","tag-option-of-the-week","tag-proxy"],"_links":{"self":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts\/13717","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/comments?post=13717"}],"version-history":[{"count":10,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts\/13717\/revisions"}],"predecessor-version":[{"id":13828,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts\/13717\/revisions\/13828"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/media\/13041"}],"wp:attachment":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/media?parent=13717"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/categories?post=13717"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/tags?post=13717"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}