If you are using curl to target a specific URL to retrieve files, test API endpoints, debug network traffic, etc., the server hosting the resource may respond with a 3xx HTTP status code.
This response indicates that the requested content is no longer available at the original URL and has been moved to a different location. By default, curl does not follow redirects.
Find out how to make curl follow redirects and when to use additional flags to control redirect behavior.
Prerequisites
curlinstalled.- Access to the command line/terminal.
How to Make curl Follow Redirects?
curl does not follow redirects automatically because they can increase the number of network requests, change the network protocol, or lead to untrusted or insecure domains.
You can enable curl redirects manually using the -L or --location option.
If the server returns a 3xx response with a Location: header, the -L option directs curl to follow the new URL and retrieve the final resource.
The retrieved content is printed directly in the terminal.
curl Redirect Syntax
Use the following syntax to make curl follow a redirect:
curl -L [options] [URL] Replace the [URL] placeholder with the actual target address. For more control over the redirection process, you can include additional options to modify how curl handles redirects.
The table below lists redirect-related curl options:
| Option | Description |
|---|---|
-i | Include the final HTTP header response in the output. |
-v | Display each redirect step and response headers in the terminal. |
--max-redirs <n> | Limit the number of redirects to follow. |
--proto-redir | Define which protocols curl is allowed to follow during redirects. |
--post301 | Continue using the POST method after a 301 redirect. |
--post302 | Continue using the POST method after a 302 redirect. |
--post303 | Continue using the POST method after a 303 redirect. |
--location-trusted | Send credentials during all redirections. |
Note: Unlike curl, the wget command follows redirects automatically and is a great alternative for downloading files over a network. Learn more about the differences between wget and curl in our comparison guide.
curl Redirect Examples
The following examples show how to follow redirects and retrieve content using curl without compromising security or overburdening your system with unnecessary requests.
How to Print curl Redirects to Terminal
Using the -L option tells curl to follow redirects and display the final response body in the terminal. To view the response header and HTTP status code, use the -i option in conjunction with the -L flag:
curl -L -i https://destinationURL.com The terminal displays the response headers, which include the final URL and status code, followed by the content. However, it only shows the final hop, not the full redirect chain.
If there are multiple redirects, use the -v option to review each step in the redirect chain:
curl -L -v https://destinationURL.comThe information provided by the -v flag, which includes intermediate requests, response headers, and redirect URLs, can help you audit and debug the redirection steps curl took.
How to Set Maximum Allowed Redirects
The curl redirect option automatically follows up to 50 redirects. A missconfigured server can lead to redirect loops, causing curl to follow each redirection repeatedly and put an unnecessary load on your system.
To avoid excessive network requests, limit the number of redirects by using the --max-redirs <n> option. The following command follows up to 5 redirects before stopping:
curl -L --max-redirs 5 https://www.destinationURL.com Replace 5 with the number of redirects appropriate for your use case.
Control Protocol Scheme Changes During Redirects
Depending on how the redirection is configured, the protocol or URL scheme, such as http, https, or file, may change between redirect hops. This can cause unexpected behavior or expose sensitive data, including tokens, credentials, and other confidential information, especially in automated scripts or API calls.
The --proto-redir option allows users to restrict which protocols curl is allowed to follow during redirects. For example, the following command instructs curl to only follow redirects that use the https protocol:
curl -L --proto-redir =https https://www.destintaionURL.comNote: Forcing requests to stay within the secure HTTPS protocol is an effective way to mitigate the risk of cyber attacks, such as man-in-the-middle (MITM) attacks.
How to Tell curl Not to Change POST Request Method to GET for 301, 302, and 303
By default, curl changes a POST request to GET when following a 301, 302, or 303 redirect. This can be an issue when sending form data or making an API call, where preserving the request method is critical for the request to succeed.
To instruct curl to keep using POST after a redirect, use the appropriate option for the specific status code. For example, to preserve POST after a 301 redirect, enter:
curl -L --post301 -X POST -d "username=becket&password=PizzaAt1676MainSt" http://destinationURL.com/loginIn most cases, it is difficult to know which redirect status will be returned, or if the redirect affects the request method. To ensure the method is maintained, you can include all three options in the same command:
curl -L --post301 --post302 --post303 -X POST -d "username=becket&password=PizzaAt1676MainSt" http://destinationURL.com/loginNote: For more examples, refer to our sending POST requests with curl guide.
How to Authenticate the User when Redirecting to a Different Hostname
Routing credentials via a redirect is always a security risk, as there is no guarantee that the next hop is not a malicious endpoint designed to capture authentication data. Â
To prevent data leaks, curl does not forward credentials across redirects to a different host by default. The --location-trusted option overrides this default setting and allows users to pass their credentials to redirect locations, even if they point to a different domain: Â
curl -L --location-trusted -u username:password https://destinationURL.comTo reduce the exposure of sensitive credentials, you can limit the number of allowed redirects in a single command:
curl -L --location-trusted --max-redirs 3 -u username:password https://destinationURL.comNote: Avoid passing credentials through redirects unless you fully trust every destination in the redirection chain.
Capture Final URL
curl also enables users to validate and confirm the destination of a potentially untrusted URL without downloading its content, headers, or redirect info. Enter the following curl command to determine the final redirect URL:
curl -Ls -o /dev/null -w "%{url_effective}\n" https://destinationURL.com
The terminal only displays the final URL, even if multiple redirects occurred.
Conclusion
After reading this tutorial, you know how to make curl follow redirects and control how redirects are handled. The article also provided practical examples of common use cases.
To learn more about what curl can do, read how to show and send HTTP headers with curl.
