Sometimes it’s not DNS
I know. It’s hard to believe, but it can also be things like…a WAF doing content caching?
For context, I was recently helping to troubleshoot some odd behavior with a web server. The web developers had introduced quite a few new changes to help optimize a site and reduce loading times. These changes were properly tested on an identical staging site and only pushed to prod after thorough testing.
Unfortunately, moving the changes to the prod web server didn’t produce the expected results. The site was exhibiting some strange behavior. Additionally, the dev tools console was throwing unexplained errors and the speed optimizations didn’t seem to be working.
TL;DR
Since the point of this post is a curl trick I learned, and not to bore you with details, I’ll get to it. There was one difference between the staging and prod web servers – the web application firewall (WAF) in front of the origin web server. The WAF was also doing content caching and a simple flushing of the cache corrected all of the errors.
How does curl play into this?
When troubleshooting the issue, I was using curl to verify the site’s headers. Being aware of the WAF, I also wanted to check the origin server to validate that the headers were the same in both spots after the changes (spoiler alert, they weren’t).
My typical workflow would be to edit the hosts file to do the check against the origin server. But whether out of laziness, curiosity, or a mix of both, I had the random thought, “I wonder if I can do this with curl?”
The Curl “Trick”
As it turns out, the --resolve flag exists for this very reason.
If we have a typical curl command of…
curl -I https://example.com
we can instead use the resolve flag to tell curl to ignore DNS and use a different IP like this…
curl -I --resolve example.com:443:192.0.2.1 https://example.com
…where the resolve parameters are in the format of <host>:<port>:<ip>.
Maybe calling this a trick is a bit of a stretch since it’s quite literally in the man page. Regardless, this is a new-to-me, handy tool that I’ll likely be using again soon.
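The edge-versus-origin header check described above can be scripted. This is an added example, not code from the original post: the function names, the sample responses and the x-cache header are constructed for illustration, and example.com / 192.0.2.1 are the placeholders used above.

```shell
#!/bin/sh
# Added example: diff the headers the WAF/cache returns against the origin's.
# --resolve only changes the IP curl connects to; the TLS SNI and Host header
# still carry the hostname, so certificate validation stays on (no -k needed).

fetch_headers() {  # $1 = hostname, $2 = optional IP to pin for <host>:443
  if [ -n "${2:-}" ]; then
    curl -sS -I --max-time 10 --resolve "$1:443:$2" "https://$1/"
  else
    curl -sS -I --max-time 10 "https://$1/"
  fi
}

normalize_headers() {  # lowercase names, drop status line and volatile headers
  tr -d '\r' | awk '/^[A-Za-z0-9-]+:/ {
    i = index($0, ":"); name = tolower(substr($0, 1, i - 1))
    value = substr($0, i + 1); sub(/^[ \t]+/, "", value)
    if (name != "date" && name != "age") print name ": " value
  }' | LC_ALL=C sort
}

diff_headers() {  # $1 = edge response headers, $2 = origin response headers
  edge_f=$(mktemp); origin_f=$(mktemp)
  printf '%s\n' "$1" | normalize_headers > "$edge_f"
  printf '%s\n' "$2" | normalize_headers > "$origin_f"
  LC_ALL=C comm -23 "$edge_f" "$origin_f" | sed 's/^/edge only: /'
  LC_ALL=C comm -13 "$edge_f" "$origin_f" | sed 's/^/origin only: /'
  rm -f "$edge_f" "$origin_f"
}

# Constructed sample responses (not captured from a real site).
EDGE_SAMPLE='HTTP/2 200
date: Mon, 01 Jan 2024 10:00:00 GMT
content-type: text/html; charset=utf-8
cache-control: max-age=3600
age: 5400
x-cache: HIT'
ORIGIN_SAMPLE='HTTP/2 200
date: Mon, 01 Jan 2024 10:00:05 GMT
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=31536000, immutable
Content-Encoding: br'

diff_headers "$EDGE_SAMPLE" "$ORIGIN_SAMPLE"
# Live use: diff_headers "$(fetch_headers example.com)" \
#                        "$(fetch_headers example.com 192.0.2.1)"
```

Empty output means the edge and origin agree on every header except the ignored date and age.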