Using curl for troubleshooting


View only response headers

curl -I only retrieves the header of the resource. The ‘I’ is case sensitive.

root@ubnsrv01:/etc/ssl/certs# curl -I https://site3.lab.com
HTTP/1.1 200 OK
Content-Length: 191
Content-Type: text/html
Last-Modified: Thu, 17 Aug 2017 21:14:18 GMT
Accept-Ranges: bytes
ETag: "40d9a1c99d17d31:0"
Server: Microsoft-IIS/7.5
Date: Sat, 02 Sep 2017 22:58:54 GMT

View response headers and content

curl -i includes the HTTP header in the output along with the site content. Since this URL is terminating on an F5, the HTTP header reports that a redirect is configured for this URL but doesn’t redirect it automatically to the URL. The ‘i’ is case sensitive.

root@ubnsrv01:~/ca/domains# curl -i http://site3.lab.com
HTTP/1.0 302 Found
Location: https://site3.lab.com/
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

Perform auto redirection if redirect is detected

curl -L automatically redirects the request to the correct URL if a redirect error code is reported. But it doesn’t show the redirection in the headers.

root@ubnsrv01:~/ca/domains# curl -L http://site3.lab.com
<html>
<head>

<style>
body {
 background-color: ffcc99
}
</style>
</head>
<body>
<h1 style="font-size:300%;text-align:center;">site3.lab.com on dc1-win-srv02</h1>
</body>
</html>

Auto redirection and view content

curl -L -i when used together, you can see the header as well as the URL redirection happens automatically.

root@ubnsrv01:~/ca/domains# curl -L -i http://site3.lab.com
HTTP/1.0 302 Found
Location: https://site3.lab.com/
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Thu, 17 Aug 2017 21:11:28 GMT
Accept-Ranges: bytes
ETag: "607758649d17d31:0"
Server: Microsoft-IIS/7.5
Date: Sat, 02 Sep 2017 21:43:16 GMT
Connection: close
Content-Length: 193

<html>
<head>

<style>
body {
 background-color: #ccff99

}
</style>
</head>
<body>
<h1 style="font-size:300%;text-align:center;">site3.lab.com on dc1-win-srv01</h>
</body>
</html>

To ignore certificate errors/warnings for HTTPS sites

curl -k ignores HTTPS cert errors and warnings

root@ubnsrv01:/etc/ssl/certs# curl -I -k https://site3.lab.com
HTTP/1.1 200 OK
Content-Length: 193
Content-Type: text/html
Last-Modified: Thu, 17 Aug 2017 21:11:28 GMT
Accept-Ranges: bytes
ETag: "607758649d17d31:0"
Server: Microsoft-IIS/7.5
Date: Sat, 02 Sep 2017 23:41:17 GMT

View HTTPS content

If you want to test an HTTPS site, your client host trust the CA who signed the server’s certificate. You can append the CA certificate to the below file and your host will trust any certificates signed by that CA you added. Ensure you take backup of the cert file before making any changes to it.

root@ubnsrv01:/etc/ssl/certs# ls -l | grep ca-certificates.crt 
-rw-r--r-- 1 root root 276535 Sep 2 19:25 ca-certificates.crt

If the CA is not trusted, you get the below error;

</html>root@ubnsrv01:/etc/ssl/certs# curl -i https://site1.lab.com 
curl: (35) gnutls_handshake() failed: Handshake failed

If the CA is trusted, you will receive a response;

root@ubnsrv01:/etc/ssl/certs# curl -i https://site3.lab.com
HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Thu, 17 Aug 2017 21:11:28 GMT
Accept-Ranges: bytes
ETag: "607758649d17d31:0"
Server: Microsoft-IIS/7.5
Date: Sat, 02 Sep 2017 22:49:11 GMT
Content-Length: 193

View HTTPS content for a site configured with SSL client authentication

curl – – cert <certificate.pem>  – – key <key.pem> can be used for testing SSL client authentication scenarios. If you have a virtual server configured with a client SSL profile that requires client certificate to be authenticated by the F5 LTM, then you need to specify which cert and key should be used for the client authentication. You can use the – – include here as well to get the header data.

Note that since we have requested https:// it doesn’t need the -L option to be used as there is no further redirection configured for HTTPS. Also, you cannot ignore client authentication errors by using -k.

root@ubnsrv01:~/ca/domains# curl -i https://site1.lab.com --cert /root/ca/domains/ubnsrv01-cert.pem --key /root/ca/domains/ubnsrv01-key.pem 
HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Thu, 17 Aug 2017 21:36:28 GMT
Accept-Ranges: bytes
ETag: "60dd52e2a017d31:0"
Server: Microsoft-IIS/7.5
Date: Sat, 02 Sep 2017 21:54:20 GMT
Content-Length: 192

<html>
<head>

<style>
body {
 background-color: #ccff99
}
</style>
</head>
<body>
<h1 style="font-size:300%;text-align:center;">site1.lab.com on dc1-win-srv01</h1>
</body>
</html>

 

Use other HTTP methods using curl

curl -v prints verbose output (includes request and response HTTP headers)

root@ubnsrv01:~$ curl -v -X OPTIONS https://site3.lab.com
!
> OPTIONS / HTTP/1.1
> Host: site3.lab.com
> User-Agent: curl/7.47.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< Allow: OPTIONS, TRACE, GET, HEAD, POST
< Server: Microsoft-IIS/7.5
< Public: OPTIONS, TRACE, GET, HEAD, POST
< Date: Sun, 22 Oct 2017 13:01:18 GMT
< Content-Length: 0

 

root@ubnsrv01:~$ curl -v -X TRACE https://site3.lab.com
!
> TRACE / HTTP/1.1
> Host: site3.lab.com
> User-Agent: curl/7.47.0
> Accept: */*
> 
< HTTP/1.1 501 Not Implemented
< Content-Type: text/html
< Server: Microsoft-IIS/7.5
< Date: Sun, 22 Oct 2017 13:01:04 GMT
< Content-Length: 1508

 

Test the time response from the application

time curl http://172.16.5.11

Output syntax appears similar to the following example:

<html>
<head>
---
</body>
</html>
real 0m18.032s
user 0m0.030s
sys 0m0.060s

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s