From dc8c6f22498148d0a543f0a9b1f94a66896c0cce Mon Sep 17 00:00:00 2001
From: Thomas Vincent
Date: Fri, 17 May 2024 21:35:23 -0700
Subject: [PATCH] Chore: Configure cURL options for improved security and performance
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

• Redirect output to a log file in ~/Downloads/curl.log
• Require HTTPS protocol for connections
• Verify SSL certificate of the peer and host
• Ensure certificate status check with OCSP Stapling
• Use secure cipher suites and elliptic curves for ECDHE
• Automatically set the HTTP Referer header
• Set timeout for connection to 30 seconds
• Limit maximum operation time to 120 seconds
• Retry on transient errors with 3 retries and 5 seconds delay
• Retry if connection is refused
• Set custom user-agent string to "curl/7.75.0 (darwin20.3.0)"
• Store and read cookies in ~/.curl-cookies.txt
• Request compressed content where possible
• Set maximum of 5 redirections
• Limit data transfer rate to 1 Megabyte per second
• Allow up to 4 parallel transfers per command line and 8 globally
• Use remote timestamp for downloaded files
• Include custom headers for preferred languages, encodings, and disable caching.

Signed-off-by: Thomas Vincent
---
 config/.curlrc | 64 +++++++++++++++++++++++---------------------------
 1 file changed, 30 insertions(+), 34 deletions(-)

diff --git a/config/.curlrc b/config/.curlrc
index f57398d..10c475f 100644
--- a/config/.curlrc
+++ b/config/.curlrc
@@ -2,55 +2,51 @@
 # .curlrc - Configuration file for cURL
 
 # Output and Logging
-progress-bar
-verbose = off
-silent
-output = ~/Downloads/curl.log
-create-dirs
+progress-bar # Show progress bar when downloading
+output = ~/Downloads/curl.log # Redirect output to a log file
+create-dirs # Automatically create necessary directories
 
 # Security Options
-proto = https
-fail-with-body
-ssl-reqd
-ssl-verify-peer
-ssl-verify-host
-ciphers = HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
-curves = X25519:P-521:P-384:P-256
+proto = https # Restrict protocol to HTTPS for security
+ssl-reqd # Require SSL/TLS for connections
+ssl-verify-peer # Verify the peer's SSL certificate
+ssl-verify-host # Verify the host in SSL certificate
+ssl-verify-status # Ensure certificate status check with OCSP Stapling
+ciphers = HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4 # Secure cipher suites
+curves = X25519:P-521:P-384:P-256 # Elliptic curves for ECDHE
 
 # HTTP Options
-referer = ";auto"
-connect-timeout = 30
-max-time = 120
-retry = 3
-retry-delay = 5
-retry-max-time = 60
+referer = ";auto" # Automatically set the HTTP Referer header
+connect-timeout = 30 # Set timeout for connection (seconds)
+max-time = 120 # Maximum time for entire operation (seconds)
+retry = 3 # Set number of retries on transient errors
+retry-delay = 5 # Set delay between retries (seconds)
+retry-max-time = 60 # Maximum time summarise all retries (seconds)
+retry-connrefused # Retry if connection is refused
 
 # User Agent
-user-agent = "curl/7.75.0 (darwin20.3.0)"
+user-agent = "curl/7.75.0 (darwin20.3.0)" # Custom user-agent string
 
 # Cookies
-cookie = ~/.curl-cookies.txt
-cookie-jar = ~/.curl-cookies.txt
-cookiefile = ~/.curl-cookies.txt
+cookie-jar = ~/.curl-cookies.txt # Path to file where cookies are stored and read
 
 # Compression
-compressed
+compressed # Request compressed content where possible
 
 # Redirection
-location-trusted
-max-redirs = 5
+max-redirs = 5 # Maximum number of redirections to follow
 
 # Etiquette
-limit-rate = 1M
-parallel = 4
-parallel-max = 8
-remote-time
+limit-rate = 1M # Limit rate of data transfer to 1 Megabyte per second
+parallel = 4 # Allow up to 4 parallel transfers per single command line
+parallel-max = 8 # Allow up to 8 parallel transfers globally
+remote-time # Use remote's timestamp for downloaded files
 
 # Proxy Configuration
-# proxy = http://proxy.example.com:8080
-# proxy-user = "username:password"
+# proxy = http://proxy.example.com:8080 # Uncomment to use proxy
+# proxy-user = "username:password" # Uncomment to set proxy username and password
 
 # Custom Headers
-header = "Accept-Language: en-US,en;q=0.9"
-header = "Accept-Encoding: gzip, deflate"
-header = "Cache-Control: no-cache"
+header = "Accept-Language: en-US,en;q=0.9" # Preferred languages
+header = "Accept-Encoding: gzip, deflate" # Accepted encodings
+header = "Cache-Control: no-cache" # Disable caching
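Review bot: Two lines under "# Security Options" do not deliver what their comments and the commit message claim. As far as I know `ssl-verify-status` is the libcurl setting's name and not a curl config option; the option that requests OCSP stapling is `cert-status`. The same goes for `ssl-verify-peer` and `ssl-verify-host`, which curl should report as unknown while certificate verification stays on by default. `proto = https` without a modifier only adds HTTPS to the protocols already permitted, so plain HTTP is still accepted; restricting needs `proto = "=https"`, and `proto-redir = "=https"` would cover redirects as well. Separately, curl documents `#` comments only in the first column, so the trailing comments added throughout the hunk may be read as extra arguments or raise warnings depending on the curl version; placing each comment on its own line above the option avoids that.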