Friday, February 10, 2012

How to use fail2ban to protect web (http,dos)


######################
# error_log
######################

[Tue Aug 23 05:26:13 2011] [error] [client 66.249.69.91] (13)Permission denied: access to /index.php denied
[Tue Aug 23 05:26:13 2011] [error] [client 66.249.69.91] (13)Permission denied: access to /index.html denied
[Tue Aug 23 05:26:19 2011] [error] [client 66.249.69.91] (13)Permission denied: access to /index.php denied

######################
# suspect dos attack
######################

sed 's/.*client\s\([0-9.]\+\).*/\1/' www.yourdomain.com-error_log | sort -n | uniq -c | sort -nr | head
  41123 66.249.69.91
  24445 110.45.224.68
   1711 110.45.224.42
   1598 66.249.69.216
    382 66.249.68.209
    175 218.186.19.226
    121 66.249.69.86
     90 96.45.173.3
     82 122.199.152.111
     60 202.95.97.106

grep 66.249.69.91 www.yourdomain.com-error_log | awk '{print $4}' | cut -d: -f1-2 | uniq -c | more
     120 05:20
     121 05:21
     144 05:22
     104 05:23
     91 05:24
     130 05:25
...

######################
# fail2ban filter test
######################

# fail2ban-regex www.yourdomain.com-error_log '[[]client <HOST>[]]'

/usr/share/fail2ban/server/filter.py:442: DeprecationWarning: the md5 module is deprecated; use hashlib instead
  import md5

Running tests
=============

Use regex line : [[]client <HOST>[]]
Use log file   : www.yourdomain.com-error_log


Results
=======

Failregex
|- Regular expressions:
|  [1] [[]client <HOST>[]]
|
`- Number of matches:
   [1] 77483 match(es)

Ignoreregex
|- Regular expressions:
|
`- Number of matches:

Summary
=======

Addresses found:
[1]
    66.249.69.91 (Tue Aug 23 05:20:30 2011)
    66.249.69.91 (Tue Aug 23 05:20:30 2011)
    66.249.69.91 (Tue Aug 23 05:20:30 2011)

    .
    .
    .
    66.249.69.91 (Tue Aug 23 14:58:00 2011)
    66.249.69.91 (Tue Aug 23 14:58:00 2011)
    66.249.69.91 (Tue Aug 23 14:58:00 2011)

Date template hits:
155164 hit(s): MONTH Day Hour:Minute:Second
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second Year
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second
0 hit(s): Year/Month/Day Hour:Minute:Second
0 hit(s): Day/Month/Year Hour:Minute:Second
0 hit(s): Day/MONTH/Year:Hour:Minute:Second
0 hit(s): Month/Day/Year:Hour:Minute:Second
0 hit(s): Year-Month-Day Hour:Minute:Second
0 hit(s): Day-MONTH-Year Hour:Minute:Second[.Millisecond]
0 hit(s): Day-Month-Year Hour:Minute:Second
0 hit(s): TAI64N
0 hit(s): Epoch
0 hit(s): ISO 8601
0 hit(s): Hour:Minute:Second
0 hit(s):

Success, the total number of match is 77573

However, look at the above section 'Running tests' which could contain important
information.


######################
# fail2ban configuration
######################

vi /etc/fail2ban/filter.d/http-get-dos.conf
--------------//------------------
# Fail2Ban configuration file
#
# Author: Hojung Yun
#
# $Revision: 1 $
#

[Definition]

# Option:  failregex
# Notes.:  regex to match the error messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
# Matches every error_log line that carries a client address, whatever the error.
failregex = [[]client <HOST>[]]

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =
--------------//------------------
vi /etc/fail2ban/jail.conf
--------------//------------------
[http-get-dos]

enabled  = true
port     = http,https
filter   = http-get-dos
logpath  = /var/log/httpd/www.yourdomain.com-error_log
maxretry = 50  
findtime = 100 
#ban for 1 day in seconds = 86400
bantime  = 86400
action   = iptables[name=HTTP, port=http, protocol=tcp]
--------------//------------------
Note.
* maxretry    : the maximum number of tries before the originating IP gets blocked.
* findtime    : the time window (in seconds) in which the maxretry tries must occur for the IP to get blocked.

That is, if there are 50 attempts within 100 seconds (one every 2 seconds), the IP is banned for 86400 seconds (1 day).
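
The thresholds in the note, replayed over a log before the jail goes live. This is an added example, not part of the original post and not fail2ban's own code; `would_ban` and `make_sample_log` are hypothetical helper names, and the 192.0.2.x log lines are constructed.

```sh
#!/bin/sh
# Added example: models the jail rule as the note states it (maxretry
# matching lines inside a findtime-second window), not fail2ban internals.

# would_ban MAXRETRY FINDTIME [LOGFILE...]
# Reads Apache error_log lines (stdin if no file is given) and prints
# "IP HH:MM:SS" for each client at the moment it reaches the threshold.
would_ban() {
    maxretry=$1
    findtime=$2
    shift 2
    awk -v maxretry="$maxretry" -v findtime="$findtime" '
    # Same match as the filter: a "[client <address>]" field on the line.
    match($0, /\[client [0-9.]+\]/) {
        ip = substr($0, RSTART + 8, RLENGTH - 9)
        if (ip in banned) next
        # $3 = day of month, $4 = HH:MM:SS in "[Tue Aug 23 05:26:13 2011]".
        # Assumption: the log stays within one month, so day and time of
        # day are enough to order the lines.
        split($4, t, ":")
        now = $3 * 86400 + t[1] * 3600 + t[2] * 60 + t[3]
        if (!(ip in head)) head[ip] = 1
        q[ip, ++tail[ip]] = now
        # Forget hits that have fallen out of the findtime window.
        while (q[ip, head[ip]] < now - findtime) {
            delete q[ip, head[ip]]
            head[ip]++
        }
        if (tail[ip] - head[ip] + 1 >= maxretry) {
            banned[ip] = 1
            print ip, $4
        }
    }' "$@"
}

# Constructed sample: 192.0.2.10 errors every 2 s, 192.0.2.20 every 3 s,
# both starting at 05:20:00 and running for three minutes.
make_sample_log() {
    awk 'BEGIN {
        fmt = "[Tue Aug 23 %s 2011] [error] [client %s] (13)Permission denied: access to /index.php denied\n"
        for (s = 0; s < 180; s++) {
            ts = sprintf("%02d:%02d:%02d", 5, 20 + int(s / 60), s % 60)
            if (s % 2 == 0) printf fmt, ts, "192.0.2.10"
            if (s % 3 == 0) printf fmt, ts, "192.0.2.20"
        }
    }'
}

# With maxretry=50 and findtime=100 only the 2-second client is banned.
make_sample_log | would_ban 50 100
```

Pointing `would_ban 50 100` at a copy of the real error_log shows which clients these thresholds would ban, including crawlers or monitoring hosts that may belong in the jail's `ignoreip` list.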

service fail2ban restart

watch -dn1 iptables -L -n
-----------//------------
Chain fail2ban-HTTP (1 references)
target     prot opt source               destination
DROP       all  --  66.249.69.91  anywhere
RETURN     all  --  anywhere             anywhere
-----------//------------

#################################
# How to unblock user from fail2ban
#################################

--------- iptables -L -n --------------
Chain fail2ban-HTTP (1 references)
target     prot opt source               destination
DROP       all  --  66.249.69.91  anywhere
RETURN     all  --  anywhere             anywhere
----------------------------------

iptables -D fail2ban-HTTP -s 66.249.69.91 -j DROP

RootKit on CentOS 6.0 (rkhunter)


1. Install Rkhunter
yum install -y rkhunter file

2. Update Rkhunter
rkhunter --update

3. Run a Test Scan (help to prevent false positives):
rkhunter -c

4. Setup a daily scan report:
vi /etc/cron.daily/rkhunter
-----------------//--------------
#!/bin/bash
(
/usr/bin/rkhunter --versioncheck --nocolors
/usr/bin/rkhunter --update --nocolors
/usr/bin/rkhunter --checkall --nocolors --skip-keypress
) | /bin/mail -s 'rkhunter Daily Run (www.bigip.co.kr)' admin@bigip.co.kr
exit 0
-----------------//--------------

5. Change permissions:
chmod 700 /etc/cron.daily/rkhunter

Centos 6/ RedHat 6 connectivity for Openldap server without TLS/Kerberos


To enable OpenLDAP clients on Linux without TLS, follow the procedure below:

yum install nss-pam-ldapd    # NSS and PAM modules using LDAP
yum install pam_ldap         # pam_ldap

authconfig --enableldap --enableldapauth --ldapserver=192.168.11.8 --ldapbasedn=dc=sachingopal,dc=net --disablesssdauth --updateall

or

you can use authconfig-gtk. Disable Kerberos and you should be able to log in.

How to change timezone


# ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime
# date
Sun Oct 23 14:41:37 EDT 2011

# ln -sf /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
# date
Sun Oct 23 11:41:48 PDT 2011

FTP Error - 500 OOPS: cannot change directory:/home/user


If you have the ftp error below with SELinux enabled, you can disable SELinux to resolve the issue.

[root@localhost ~]# ftp localhost
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.2.2)
Name (localhost:user): user
331 Please specify the password.
Password:
500 OOPS: cannot change directory:/home/user
Login failed.
ftp> quit

Or you can use setsebool

su -
getsebool -a | grep ftp
setsebool -P ftp_home_dir on
getsebool -a | grep ftp

Pam Radius (How to set RADIUS client for Linux)


1. install gcc and pam-devel

yum install -y gcc pam-devel

2. download pam_radius

wget ftp://ftp.freeradius.org/pub/radius/pam_radius-1.3.17.tar.gz
tar xfz pam_radius-1.3.17.tar.gz 

3. compile

cd pam_radius-1.3.17
make

4. copy shared library

cp pam_radius_auth.so /lib/security/

5. edit sshd

vi /etc/pam.d/sshd

Go to the first line of the file, paste this line:

auth        sufficient     /lib/security/pam_radius_auth.so

Note. The “sufficient” tag indicates that if the Radius authentication succeeds then no additional authentication will be required. However, if the Radius authentication fails, a username and password from the system will work. Use "Required" to require strong authentication.

6. Edit or create your /etc/raddb/server file

vi /etc/raddb/server
--------//---------
127.0.0.1       secret      1
routableIPaddress      shared_secret      1
--------//---------

7. On the RADIUS server, create the account and add the client so that it is allowed to access RADIUS

8. On the Linux client, add the user with no password
useradd user1

9. Test with ssh to the linux client

-------- radius packet --------
radius server : 10.10.1.122:1812
radius client : 10.10.1.123

# tcpdump -nni eth0 host 10.10.1.122 and port 1812
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
22:30:00.499762 IP 10.10.1.123.3902 > 10.10.1.122.1812: RADIUS, Access Request (1), id: 0xfe length: 86
22:30:00.507723 IP 10.10.1.122.1812 > 10.10.1.123.3902: RADIUS, Access Accept (2), id: 0xfe length: 82

How to force users to logoff


If you have a zombie user logged into a server, or you want to force a user to log out, use the “who” command. Type “w” or “who” at a command prompt to see which users are logged in, and then use the pkill command to force them out:

pkill -KILL -u username

Pop in a particular username and boot them out the door.

# w
 18:15:35 up 51 days, 20 min,  2 users,  load average: 0.00, 0.01, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
test     pts/0    :1.0             21Dec11 44days  0.03s  0.03s bash
root     pts/1    10.31.8.75       18:08    0.00s  0.19s  0.02s w

# pkill -KILL -u test
# w
 18:18:10 up 51 days, 23 min,  2 users,  load average: 0.00, 0.00, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/1    10.31.8.75       18:08    0.00s  0.20s  0.02s w

What is strace?


Strace is quite simply a tool that traces the execution of system calls. In its simplest form it can trace the execution of a binary from start to end, and output a line of text with the name of the system call, the arguments and the return value for every system call over the lifetime of the process.

But it can do a lot more:
  • It can filter based on the specific system call or groups of system calls
  • It can profile the use of system calls by tallying up the number of times a specific system call is used, and the time taken, and the number of successes and errors.
  • It traces signals sent to the process.
  • It can attach to any running process by pid.
If you've used other Unix systems, this is similar to "truss". Another (much more comprehensive) tool is Sun's DTrace.

How to use it

This is just scratching the surface, and in no particular order of importance:

1) Find out which config files a program reads on startup

Ever tried figuring out why some program doesn't read the config file you thought it should? Had to wrestle with custom compiled or distro-specific binaries that read their config from what you consider the "wrong" location?
The naive approach:
$ strace php 2>&1 | grep php.ini
open("/usr/local/bin/php.ini", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/lib/php.ini", O_RDONLY) = 4
lstat64("/usr/local/lib/php.ini", {st_mode=S_IFLNK|0777, st_size=27, ...}) = 0
readlink("/usr/local/lib/php.ini", "/usr/local/Zend/etc/php.ini", 4096) = 27
lstat64("/usr/local/Zend/etc/php.ini", {st_mode=S_IFREG|0664, st_size=40971, ...}) = 0
So this version of PHP reads php.ini from /usr/local/lib/php.ini (but it tries /usr/local/bin first).
The more sophisticated approach if I only care about a specific syscall:
$ strace -e open php 2>&1 | grep php.ini
open("/usr/local/bin/php.ini", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/lib/php.ini", O_RDONLY) = 4
The same approach works for a lot of other things. Have multiple versions of a library installed at different paths and wonder exactly which one actually gets loaded? And so on.

2) Why does this program not open my file?

Ever run into a program that silently refuses to read a file it doesn't have read access to, but you only figured that out after swearing for ages because you thought it didn't actually find the file? Well, you already know what to do:
$ strace -e open,access your-program 2>&1 | grep your-filename
Look for an open() or access() syscall that fails.
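
A filter for the failed calls this step says to look for, telling a missing file apart from an unreadable one. It is an added example, not from the original article; `failed_file_calls`, `diagnose` and `sample_trace` are hypothetical names, the trace lines are constructed, and it assumes a single-process trace (no `[pid N]` prefixes) and paths without spaces.

```sh
#!/bin/sh
# Added example, not from the original article.

# failed_file_calls [TRACEFILE...]
# Reads strace output (stdin if no file is given) and prints
# "SYSCALL ERRNO PATH" for every open/openat/access call that returned -1.
failed_file_calls() {
    awk '
    # openat is included because recent glibc versions implement open()
    # with the openat syscall, so a trace limited to "open" can miss it.
    /^(open|openat|access)\(/ && / = -1 E[A-Z]+/ {
        call = $0
        sub(/\(.*/, "", call)
        # The path is the first double-quoted argument.
        if (!match($0, /"[^"]*"/)) next
        path = substr($0, RSTART + 1, RLENGTH - 2)
        match($0, / = -1 E[A-Z]+/)
        print call, substr($0, RSTART + 6, RLENGTH - 6), path
    }' "$@"
}

# diagnose PATH [TRACEFILE...]
# One-word verdict for a single file: EACCES wins over ENOENT, because a
# program may probe several locations before hitting the unreadable one.
diagnose() {
    target=$1
    shift
    failed_file_calls "$@" | awk -v target="$target" '
        $3 == target && $2 == "EACCES" { denied = 1 }
        $3 == target && $2 == "ENOENT" { missing = 1 }
        END { print (denied ? "permission-denied" : missing ? "not-found" : "no-failure") }'
}

# Constructed strace output used as sample input.
sample_trace() {
    cat <<'EOF'
open("/usr/local/bin/php.ini", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/lib/php.ini", O_RDONLY) = 4
access("/etc/app/secret.conf", R_OK) = -1 EACCES (Permission denied)
openat(AT_FDCWD, "/etc/app/secret.conf", O_RDONLY) = -1 EACCES (Permission denied)
EOF
}

sample_trace | failed_file_calls
```

Live use: `strace -e trace=open,openat,access your-program 2>&1 | diagnose your-filename`.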

3) What is that process doing RIGHT NOW?

Ever had a process suddenly hog lots of CPU? Or had a process seem to be hanging?
Then you find the pid, and do this:
root@dev:~# strace -p 15427
Process 15427 attached - interrupt to quit
futex(0x402f4900, FUTEX_WAIT, 2, NULL 
Process 15427 detached
Ah. So in this case it's hanging in a call to futex(). Incidentally in this case it doesn't tell us all that much - hanging on a futex can be caused by a lot of things (a futex is a locking mechanism in the Linux kernel). The above is from a normally working but idle Apache child process that's just waiting to be handed a request.
But "strace -p" is highly useful because it removes a lot of guesswork, and often removes the need for restarting an app with more extensive logging (or even recompiling it).

4) What is taking time?

You can always recompile an app with profiling turned on, and for accurate information, especially about which parts of your own code are taking time, that is what you should do. But often it is tremendously useful to be able to just quickly attach strace to a process to see what it's currently spending time on, especially to diagnose problems. Is that 90% CPU use because it's actually doing real work, or is something spinning out of control?
Here's what you do:
root@dev:~# strace -c -p 11084
Process 11084 attached - interrupt to quit
Process 11084 detached
% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
 94.59    0.001014          48        21           select
  2.89    0.000031           1        21           getppid
  2.52    0.000027           1        21           time
------ ----------- ----------- --------- --------- ----------------
100.00    0.001072                    63           total
root@dev:~# 
After you've started strace with -c -p you just wait for as long as you care to, and then exit with ctrl-c. Strace will spit out profiling data as above.
In this case, it's an idle Postgres "postmaster" process that's spending most of its time quietly waiting in select(). In this case it's calling getppid() and time() in between each select() call, which is a fairly standard event loop.
You can also run this "start to finish", here with "ls":
root@dev:~# strace -c >/dev/null ls
% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
 23.62    0.000205         103         2           getdents64
 18.78    0.000163          15        11         1 open
 15.09    0.000131          19         7           read
 12.79    0.000111           7        16           old_mmap
  7.03    0.000061           6        11           close
  4.84    0.000042          11         4           munmap
  4.84    0.000042          11         4           mmap2
  4.03    0.000035           6         6         6 access
  3.80    0.000033           3        11           fstat64
  1.38    0.000012           3         4           brk
  0.92    0.000008           3         3         3 ioctl
  0.69    0.000006           6         1           uname
  0.58    0.000005           5         1           set_thread_area
  0.35    0.000003           3         1           write
  0.35    0.000003           3         1           rt_sigaction
  0.35    0.000003           3         1           fcntl64
  0.23    0.000002           2         1           getrlimit
  0.23    0.000002           2         1           set_tid_address
  0.12    0.000001           1         1           rt_sigprocmask
------ ----------- ----------- --------- --------- ----------------
100.00    0.000868                    87        10 total
Pretty much what you'd expect: it spends most of its time in two calls to read the directory entries (only two since it was run on a small directory).

5) Why the **** can't I connect to that server?

Debugging why some process isn't connecting to a remote server can be exceedingly frustrating. DNS can fail, connect can hang, the server might send something unexpected back etc. You can use tcpdump to analyze a lot of that, and that too is a very nice tool, but a lot of the time strace will give you less chatter, simply because it will only ever return data related to the syscalls generated by "your" process. If you're trying to figure out what one of hundreds of running processes connecting to the same database server does for example (where picking out the right connection with tcpdump is a nightmare), strace makes life a lot easier.
This is an example of a trace of "nc" connecting to www.news.com on port 80 without any problems:
$ strace -e poll,select,connect,recvfrom,sendto nc www.news.com 80
sendto(3, "\24\0\0\0\26\0\1\3\255\373NH\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("62.30.112.39")}, 28) = 0
poll([{fd=3, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1
sendto(3, "\213\321\1\0\0\1\0\0\0\0\0\0\3www\4news\3com\0\0\34\0\1", 30, MSG_NOSIGNAL, NULL, 0) = 30
poll([{fd=3, events=POLLIN, revents=POLLIN}], 1, 5000) = 1
recvfrom(3, "\213\321\201\200\0\1\0\1\0\1\0\0\3www\4news\3com\0\0\34\0\1\300\f"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("62.30.112.39")}, [16]) = 153
connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("62.30.112.39")}, 28) = 0
poll([{fd=3, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1
sendto(3, "k\374\1\0\0\1\0\0\0\0\0\0\3www\4news\3com\0\0\1\0\1", 30, MSG_NOSIGNAL, NULL, 0) = 30
poll([{fd=3, events=POLLIN, revents=POLLIN}], 1, 5000) = 1
recvfrom(3, "k\374\201\200\0\1\0\2\0\0\0\0\3www\4news\3com\0\0\1\0\1\300\f"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("62.30.112.39")}, [16]) = 106
connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("62.30.112.39")}, 28) = 0
poll([{fd=3, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1
sendto(3, "\\\2\1\0\0\1\0\0\0\0\0\0\3www\4news\3com\0\0\1\0\1", 30, MSG_NOSIGNAL, NULL, 0) = 30
poll([{fd=3, events=POLLIN, revents=POLLIN}], 1, 5000) = 1
recvfrom(3, "\\\2\201\200\0\1\0\2\0\0\0\0\3www\4news\3com\0\0\1\0\1\300\f"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("62.30.112.39")}, [16]) = 106
connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("216.239.122.102")}, 16) = -1 EINPROGRESS (Operation now in progress)
select(4, NULL, [3], NULL, NULL)        = 1 (out [3])
So what happens here?
Notice the connection attempts to /var/run/nscd/socket? They mean nc first tries to connect to NSCD - the Name Service Cache Daemon - which is usually used in setups that rely on NIS, YP, LDAP or similar directory protocols for name lookups. In this case the connects fail.
It then moves on to DNS (DNS is port 53, hence the "sin_port=htons(53)" in the following connect). You can see it then does a "sendto()" call, sending a DNS packet that contains www.news.com. It then reads back a packet. For whatever reason it tries three times, the last with a slightly different request. My best guess why in this case is that www.news.com is a CNAME (an "alias"), and the multiple requests may just be an artifact of how nc deals with that.
Then in the end, it finally issues a connect() to the IP it found. Notice it returns EINPROGRESS. That means the connect was non-blocking - nc wants to go on processing. It then calls select(), which succeeds when the connection was successful.
Try adding "read" and "write" to the list of syscalls given to strace and enter a string when connected, and you'll get something like this:
read(0, "test\n", 1024)                 = 5
write(3, "test\n", 5)                   = 5
poll([{fd=3, events=POLLIN, revents=POLLIN}, {fd=0, events=POLLIN}], 2, -1) = 1
read(3, "
This shows it reading "test" + linefeed from standard in, and writing it back out to the network connection, then calling poll() to wait for a reply, reading the reply from the network connection and writing it to standard out. Everything seems to be working right.

cURL Library


cURL (Client URL Library Functions)
  • In the words of its author, Daniel Stenberg:
    curl is a command line tool for transferring files with URL syntax.
  • Its role is to send arbitrary values to the address of the page you want and to retrieve the values that page returns.
  • Most people who use cURL in PHP probably do so because of HTTPS connections.
    There are sockets and other connection methods, but many people take the trouble to use cURL because it is faster and makes HTTPS easy to access.
  • The cURL module must be installed on the server (Linux: curl.so, Windows: the php_curl.dll extension module is required).

Available with cURL
  • HTTPS certificates
  • HTTP POST
  • HTTP PUT
  • FTP upload
  • HTTP Form
  • cookie
  • authentication

cURL, Client URL Library Functions
  1. curl_init  : initializes a session and returns a handle
  2. curl_setopt  : sets options
  3. curl_exec  : runs the cURL session
  4. curl_errno  : returns the error number
  5. curl_error  : returns the error message
  6. curl_getinfo  : returns status information
  7. curl_close  : closes the cURL session

[Example 1: Sending data by POST (simple)]

<?php
$post_data = array(
      "name" => "John Doe",
      "Birthday" => "1980-08-20"
      );
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://www.example.com");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
curl_exec($ch);
?>
 
[Example 2: Sending data by POST (function)]

<?php
function fetch_page($url, $param, $cookies, $referer_url) {
    if (strlen(trim($referer_url)) == 0) $referer_url = $url;
    $curlsession = curl_init();
    curl_setopt($curlsession, CURLOPT_URL, $url);
    curl_setopt($curlsession, CURLOPT_POST, 1);
    curl_setopt($curlsession, CURLOPT_POSTFIELDS, $param);
    curl_setopt($curlsession, CURLOPT_TIMEOUT, 60);
    if ($cookies && $cookies != "") {
        curl_setopt($curlsession, CURLOPT_COOKIE, $cookies);
    }
    curl_setopt($curlsession, CURLOPT_HEADER, 1); // include the header values in the output; used to read cookies
    curl_setopt($curlsession, CURLOPT_USERAGENT, "Mozilla/4.0 (Compatible; MSIE 5.01; Windows NT 5.0)");
    curl_setopt($curlsession, CURLOPT_REFERER, $referer_url);
    ob_start(); // without CURLOPT_RETURNTRANSFER, curl_exec() prints the response, so capture it
    $res = curl_exec($curlsession);
    $buffer = ob_get_contents();
    ob_end_clean();
    if (!$buffer) {
        $returnVal = "Curl Fetch Error: " . curl_error($curlsession);
    } else {
        $returnVal = $buffer;
    }
    curl_close($curlsession);
    return $returnVal;
}
?>
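[Example 3: Transferring files]

<?php
// The "@" prefix makes cURL read the value as a local file path and upload that file.
// PHP 5.5 deprecated this syntax in favour of CURLFile and PHP 7 removed it. While it is
// active, any value starting with "@" is treated this way, so keep untrusted input out of this array.
$post_data['Data[0]'] = "@image/img_01.jpg";
$post_data['Data[1]'] = "@image/img_02.jpg";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://www.example.com/upload.php");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
$postResult = curl_exec($ch);
?>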

[Example 4: HTTPS connection]

<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://www.test.com"); // URL to connect to
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); // certificate verification (disabled here)
// The default value is TRUE, so take care with this part (needed for HTTPS connections).
// FALSE accepts any certificate, so the peer is not authenticated; to keep the check,
// leave it TRUE and point CURLOPT_CAINFO at a CA bundle.
curl_setopt($ch, CURLOPT_SSLVERSION, 3); // SSL version (needed for HTTPS connections); 3 forces the obsolete SSLv3, omit the option to let cURL negotiate
curl_setopt($ch, CURLOPT_HEADER, 0); // whether to output the header
curl_setopt($ch, CURLOPT_POST, 1); // whether to use POST or GET
curl_setopt($ch, CURLOPT_POSTFIELDS, "var1=str1&var2=str2"); // POST values, written the same way as a GET query string
curl_setopt($ch, CURLOPT_TIMEOUT, 30); // timeout value
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // whether to return the result
$result = curl_exec($ch);
curl_close($ch);
echo $result;
?>

[Example 5: Gmail login using cURL]
<?php
// $gmailId and $gmailPw must be set before this point.
$url = "https://" . $gmailId . ":" . $gmailPw . "@mail.google.com/mail/feed/atom";
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_USERAGENT, 'My Agent Name');
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
$res = curl_exec($ch);
curl_close($ch);
/** The result is in Atom XML format. Parse it with DOM or the XML parsing functions. **/
echo $res;
?>

[Example 6: Fetching a web page with cURL]

<?php
function get_content($url) {
    $agent = 'Mozilla/4.0 (Compatible; MSIE 6.0; Windows NT 5.0)';
    $curlsession = curl_init();
    curl_setopt($curlsession, CURLOPT_URL, $url);
    curl_setopt($curlsession, CURLOPT_HEADER, 0);
    curl_setopt($curlsession, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($curlsession, CURLOPT_POST, 0);
    curl_setopt($curlsession, CURLOPT_USERAGENT, $agent);
    curl_setopt($curlsession, CURLOPT_REFERER, "");
    curl_setopt($curlsession, CURLOPT_TIMEOUT, 3);
    $buffer = curl_exec($curlsession);
    $cinfo = curl_getinfo($curlsession);
    curl_close($curlsession);
    // Return an empty string unless the server answered 200 OK.
    if ($cinfo['http_code'] != 200)
    {
        return "";
    }
    return $buffer;
}
?>