Test of -L option for using cURL with proxy-firewall Cisco ASA

From: MARMOLLE Frank <>
Date: Tue, 12 Sep 2006 12:08:04 +0200


On August 22nd, I sent a post about problems when trying to communicate between a client application using cURL and a target application through a proxy-firewall Cisco ASA 5520, with POST HTTPS.
The HTTP response given by the Cisco ASA includes an HTML page which seems not to be interpreted and treated correctly by cURL, which fails with an error.

Then it was suggested that I use the -L/--location option to manage the URL redirection.

So we recently tried this option in our command line:
curl -m 3600 -s -S -i -o TMP08A4008A6.out --data-binary "" -u username:password -L --trace-ascii logfile.log -K TMP08A4008A6.curl

The test failed:
The POST seems to have been switched to GET. By what? How can we avoid it?
The HTML response page isn't managed by cURL (?) and the redirection didn't occur.

The trace we obtained was:

== Info: About to connect() to
== Info: Connected to (xxxxx) port 443
== Info: SSL connection using DES-CBC3-SHA
== Info: Server certificate:
== Info: subject: /CN=xxxxx
== Info: start date: 2006-06-22 17:43:40 GMT
== Info: expire date: 2016-06-19 17:43:40 GMT
== Info: common name: xxxxx (does not match '')
== Info: issuer: /CN=xxxxx
=> Send header, 378 bytes (0x17a)
0000: POST / HTTP/1.1
0011: Authorization: Basic ZTAwNTQyMzpiYjEyMDVydA==
0040: User-Agent: curl/7.9.7 (win32) libcurl 7.9.7 (OpenSSL 0.9.6b)
007f: Host:
0093: Pragma: no-cache
00a5: Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
00e7: Content-Disposition:attachment;filename="test_AP-HM.txt"
0121: Content-Length:43
0134: Content-Type:text/plain
014f: " TEST AP-HM 11 09 2006 ..............."
<= Recv header, 32 bytes (0x20)
0000: HTTP/1.1 301 Moved Permanently
<= Recv header, 29 bytes (0x1d)
0000: Server: Virata-EmWeb/R6_2_0
<= Recv header, 43 bytes (0x2b)
0000: Location:
<= Recv header, 25 bytes (0x19)
0000: Content-Type: text/html
<= Recv header, 20 bytes (0x14)
0000: Content-Length: 99
== Info: Follow to new URL:
== Info: Connection #0 left intact
== Info: Follows Location: to new URL: ''
== Info: Violate RFC 2616/10.3.2 and switch from POST to GET
== Info: Re-using existing connection! (#0)
== Info: Connected to [re-used] (xxxxx) port 443
=> Send header, 344 bytes (0x158)
0000: GET /index.html HTTP/1.1
001a: Authorization: Basic ZTAwNTQyMzpiYjEyMDVydA==
0049: User-Agent: curl/7.9.7 (win32) libcurl 7.9.7 (OpenSSL 0.9.6b)
0088: Host:
009c: Pragma: no-cache
00ae: Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
00f0: Content-Disposition:attachment;filename="test_AP-HM.txt"
012a: Content-Length:43
013d: Content-Type:text/plain
<= Recv header, 17 bytes (0x11)
0000: HTTP/1.1 200 OK
<= Recv header, 29 bytes (0x1d)
0000: Server: Virata-EmWeb/R6_2_0
<= Recv header, 28 bytes (0x1c)
0000: Transfer-Encoding: chunked
<= Recv header, 25 bytes (0x19)
0000: Content-Type: text/html
<= Recv header, 26 bytes (0x1a)
0000: Cache-Control: max-age=0
<= Recv header, 68 bytes (0x44)
0000: Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path
0040: =/
<= Recv header, 27 bytes (0x1b)
0000: Set-Cookie: webvpnlogin=1
<= Recv data, 802 bytes (0x322)
0000: 00000329
000a: <html>.<head>...<META http-equiv="PICS-Label" content='(PICS-1.1
004a: "" l gen true comment "RSACi
008a: North America Server" for "" on
00ca: "2000.11.02T23:36-0800" r (n 0 s 0 v 0 l 0))'>.<meta http-equiv=
010a: "Window-target" content="_top">.<title></title>.</head>.<script
014a: lanaguage="JavaScript">.<!-- hide. if (top != self). {.
018a: top.location = "/index.html". }.// hide -->.</script>.<style
01ca: type ="text/css">.<!--. BODY {font-family: Arial, Helv, sans-se
020a: rif}. TH {color: black; background-color: #ffffff}. TD {color:
024a: black; background-color: #ffffff}. A.PRIMARY {color: black}.
028a: A.SECONDARY {color: black}.-->.</style>.<body bgcolor="white">.<
02ca: table width="100%">.<tr><th align=left valign=center><img src="/
030a: disk0_webvpn/logo-aphm.g
<= Recv data, 910 bytes (0x38e)
0000: if" align=middle>
0013: 0000036a
001d: <font size="+1">&nbsp;</font></th></tr>.</table>.<FORM method=po
005d: st AUTOCOMPLETE="off" ACTION="/index.html">.<center>.<table widt
009d: h="50%">.<tr><th>Login</th></tr>.<tr><td>.<p>Merci de bien voulo
00dd: ir saisir vos code utilisateur et mot de passe</p>..<table>.<tr
011d: ><td align=right><b>utilisateur</b></td><td><INPUT type=text nam
015d: e=username AUTOCOMPLETE="off" VALUE=""></td></tr>.<tr><td align=
019d: right><b>Mot de passe</b></td><td><INPUT type=password name=pass
01dd: word AUTOCOMPLETE="off" VALUE=""></td></tr>.</table><br><table>.
021d: <tr><td><INPUT width=75 style="width:75" type=submit name="Login
025d: " VALUE="Login"></td>.<td><INPUT width=75 style="width:75" type=
029d: reset value="Clear"></td></tr>.</table>.</td></tr>.</table>.</ce
02dd: nter>.<INPUT type=hidden name=next VALUE="">.</FORM>.<script lan
031d: guage="JavaScript">.<!-- hide.document.forms[0].elements[0].focu
035d: s().// hide -->.</script>.</body>.</html>.
0389: 0
== Info: Connection #0 left intact

Has anyone done such HTTP communications with cURL and a proxy-firewall (Cisco ASA)?
Many thanks
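
Added example, not part of the original post and not curl project code: a small Python parser for `--trace-ascii` output in the layout shown above. It pairs each request with the response status it received and reports what changed, and what was carried over, when curl followed the redirect. The sample trace and the credential placeholder are constructed, and the function names are hypothetical.

```python
import re
# Constructed sample in curl --trace-ascii layout; the credential is a placeholder.
SAMPLE_TRACE = """\
=> Send header, 68 bytes (0x44)
0000: POST / HTTP/1.1
0011: Authorization: Basic PLACEHOLDER
0033: Content-Length:43
<= Recv header, 32 bytes (0x20)
0000: HTTP/1.1 301 Moved Permanently
== Info: Violate RFC 2616/10.3.2 and switch from POST to GET
=> Send header, 77 bytes (0x4d)
0000: GET /index.html HTTP/1.1
001a: Authorization: Basic PLACEHOLDER
003c: Content-Length:43
"""
DATA_LINE = re.compile(r"^[0-9a-f]{4}: (.*)$")

def parse_exchanges(trace):  # one dict per request curl sent
    exchanges, section = [], None
    for raw in trace.splitlines():
        if raw.startswith(("=> ", "<= ", "== ")):  # section marker line
            section = raw[3:14]
            if section == "Send header":
                exchanges.append({"method": None, "path": None, "headers": set(), "status": None})
            continue
        m = DATA_LINE.match(raw)
        if not (m and exchanges):
            continue
        text, cur = m.group(1), exchanges[-1]
        if section == "Send header" and cur["method"] is None:
            cur["method"], cur["path"] = text.split()[:2]  # request line
        elif section == "Send header" and ":" in text:
            cur["headers"].add(text.split(":", 1)[0].strip().lower())
        elif section == "Recv header" and text.startswith("HTTP/"):
            cur["status"] = int(text.split()[1])
    return exchanges

def redirect_findings(exchanges):  # compare each redirected request with the next one
    out = []
    for prev, cur in zip(exchanges, exchanges[1:]):
        if prev["status"] not in (301, 302, 303, 307, 308):
            continue
        if prev["method"] != cur["method"]:
            out.append(f"{prev['status']}: {prev['method']} became {cur['method']}")
        if "authorization" in cur["headers"]:
            out.append(f"Authorization re-sent to {cur['path']}")
        if cur["method"] == "GET" and "content-length" in cur["headers"]:
            out.append("GET still carries Content-Length")
    return out
```

To run it on a real trace, pass the file's text to `parse_exchanges` and the result to `redirect_findings`.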
