Please be aware that Wget needs to know the size of the POST data inadvance.  Therefore the argument to @code{--post-file} must be a regularfile; specifying a FIFO or something like @file{/dev/stdin} won't work.It's not quite clear how to work around this limitation inherent inHTTP/1.0.  Although HTTP/1.1 introduces @dfn{chunked} transfer thatdoesn't require knowing the request length in advance, a client can'tuse chunked unless it knows it's talking to an HTTP/1.1 server.  And itcan't know that until it receives a response, which in turn requires therequest to have been completed -- a chicken-and-egg problem.Note: if Wget is redirected after the POST request is completed, itwill not send the POST data to the redirected URL.  This is becauseURLs that process POST often respond with a redirection to a regularpage, which does not desire or accept POST.  It is not completelyclear that this behavior is optimal; if it doesn't work out, it mightbe changed in the future.This example shows how to log to a server using POST and then proceed todownload the desired pages, presumably only accessible to authorizedusers:@example@group# @r{Log in to the server.  This can be done only once.}wget --save-cookies cookies.txt \     --post-data 'user=foo&password=bar' \     http://server.com/auth.php# @r{Now grab the page or pages we care about.}wget --load-cookies cookies.txt \     -p http://server.com/interesting/article.php@end group@end exampleIf the server is using session cookies to track user authentication,the above will not work because @samp{--save-cookies} will not savethem (and neither will browsers) and the @file{cookies.txt} file willbe empty.  In that case use @samp{--keep-session-cookies} along with@samp{--save-cookies} to force saving of session cookies.@cindex Content-Disposition@item --content-dispositionIf this is set to on, experimental (not fully-functional) support for@code{Content-Disposition} headers is enabled. This can currently result inextra round-trips to the server for a @code{HEAD} request, and is knownto suffer from a few bugs, which is why it is not currently enabled by default.This option is useful for some file-downloading CGI programs that use@code{Content-Disposition} headers to describe what the name of adownloaded file should be.@cindex authentication@item --auth-no-challengeIf this option is given, Wget will send Basic HTTP authenticationinformation (plaintext username and password) for all requests, justlike Wget 1.10.2 and prior did by default.Use of this option is not recommended, and is intended only to supportsome few obscure servers, which never send HTTP authenticationchallenges, but accept unsolicited auth info, say, in addition toform-based authentication.@end table@node HTTPS (SSL/TLS) Options@section HTTPS (SSL/TLS) Options@cindex SSLTo support encrypted HTTP (HTTPS) downloads, Wget must be compiledwith an external SSL library, currently OpenSSL.  If Wget is compiledwithout SSL support, none of these options are available.@table @samp@cindex SSL protocol, choose@item --secure-protocol=@var{protocol}Choose the secure protocol to be used.  Legal values are @samp{auto},@samp{SSLv2}, @samp{SSLv3}, and @samp{TLSv1}.  If @samp{auto} is used,the SSL library is given the liberty of choosing the appropriateprotocol automatically, which is achieved by sending an SSLv2 greetingand announcing support for SSLv3 and TLSv1.  This is the default.Specifying @samp{SSLv2}, @samp{SSLv3}, or @samp{TLSv1} forces the useof the corresponding protocol.  This is useful when talking to old andbuggy SSL server implementations that make it hard for OpenSSL tochoose the correct protocol version.  Fortunately, such servers arequite rare.@cindex SSL certificate, check@item --no-check-certificateDon't check the server certificate against the available certificateauthorities.  Also don't require the URL host name to match the commonname presented by the certificate.As of Wget 1.10, the default is to verify the server's certificateagainst the recognized certificate authorities, breaking the SSLhandshake and aborting the download if the verification fails.Although this provides more secure downloads, it does breakinteroperability with some sites that worked with previous Wgetversions, particularly those using self-signed, expired, or otherwiseinvalid certificates.  This option forces an ``insecure'' mode ofoperation that turns the certificate verification errors into warningsand allows you to proceed.If you encounter ``certificate verification'' errors or ones sayingthat ``common name doesn't match requested host name'', you can usethis option to bypass the verification and proceed with the download.@emph{Only use this option if you are otherwise convinced of thesite's authenticity, or if you really don't care about the validity ofits certificate.}  It is almost always a bad idea not to check thecertificates when transmitting confidential or important data.@cindex SSL certificate@item --certificate=@var{file}Use the client certificate stored in @var{file}.  This is needed forservers that are configured to require certificates from the clientsthat connect to them.  Normally a certificate is not required and thisswitch is optional.@cindex SSL certificate type, specify@item --certificate-type=@var{type}Specify the type of the client certificate.  Legal values are@samp{PEM} (assumed by default) and @samp{DER}, also known as@samp{ASN1}.@item --private-key=@var{file}Read the private key from @var{file}.  This allows you to provide theprivate key in a file separate from the certificate.@item --private-key-type=@var{type}Specify the type of the private key.  Accepted values are @samp{PEM}(the default) and @samp{DER}.@item --ca-certificate=@var{file}Use @var{file} as the file with the bundle of certificate authorities(``CA'') to verify the peers.  The certificates must be in PEM format.Without this option Wget looks for CA certificates at thesystem-specified locations, chosen at OpenSSL installation time.@cindex SSL certificate authority@item --ca-directory=@var{directory}Specifies directory containing CA certificates in PEM format.  Eachfile contains one CA certificate, and the file name is based on a hashvalue derived from the certificate.  This is achieved by processing acertificate directory with the @code{c_rehash} utility supplied withOpenSSL.  Using @samp{--ca-directory} is more efficient than@samp{--ca-certificate} when many certificates are installed becauseit allows Wget to fetch certificates on demand.Without this option Wget looks for CA certificates at thesystem-specified locations, chosen at OpenSSL installation time.@cindex entropy, specifying source of@cindex randomness, specifying source of@item --random-file=@var{file}Use @var{file} as the source of random data for seeding thepseudo-random number generator on systems without @file{/dev/random}.On such systems the SSL library needs an external source of randomnessto initialize.  Randomness may be provided by EGD (see@samp{--egd-file} below) or read from an external source specified bythe user.  If this option is not specified, Wget looks for random datain @code{$RANDFILE} or, if that is unset, in @file{$HOME/.rnd}.  Ifnone of those are available, it is likely that SSL encryption will notbe usable.If you're getting the ``Could not seed OpenSSL PRNG; disabling SSL.'' error, you should provide random data using some of the methodsdescribed above.@cindex EGD@item --egd-file=@var{file}Use @var{file} as the EGD socket.  EGD stands for @dfn{EntropyGathering Daemon}, a user-space program that collects data fromvarious unpredictable system sources and makes it available to otherprograms that might need it.  Encryption software, such as the SSLlibrary, needs sources of non-repeating randomness to seed the randomnumber generator used to produce cryptographically strong keys.OpenSSL allows the user to specify his own source of entropy using the@code{RAND_FILE} environment variable.  If this variable is unset, orif the specified file does not produce enough randomness, OpenSSL willread random data from EGD socket specified using this option.If this option is not specified (and the equivalent startup command isnot used), EGD is never contacted.  EGD is not needed on modern Unixsystems that support @file{/dev/random}.@end table@node FTP Options@section FTP Options@table @samp@cindex ftp user@cindex ftp password@cindex ftp authentication@item --ftp-user=@var{user}@itemx --ftp-password=@var{password}Specify the username @var{user} and password @var{password} on an@sc{ftp} server.  Without this, or the corresponding startup option, the password defaults to @samp{-wget@@}, normally used for anonymous FTP.Another way to specify username and password is in the @sc{url} itself(@pxref{URL Format}).  Either method reveals your password to anyone whobothers to run @code{ps}.  To prevent the passwords from being seen,store them in @file{.wgetrc} or @file{.netrc}, and make sure to protectthose files from other users with @code{chmod}.  If the passwords arereally important, do not leave them lying in those files either---editthe files and delete them after Wget has started the download.@iftexFor more information about security issues with Wget, @xref{SecurityConsiderations}.@end iftex@cindex .listing files, removing@item --no-remove-listingDon't remove the temporary @file{.listing} files generated by @sc{ftp}retrievals.  Normally, these files contain the raw directory listingsreceived from @sc{ftp} servers.  Not removing them can be useful fordebugging purposes, or when you want to be able to easily check on thecontents of remote server directories (e.g. to verify that a mirroryou're running is complete).Note that even though Wget writes to a known filename for this file,this is not a security hole in the scenario of a user making@file{.listing} a symbolic link to @file{/etc/passwd} or something andasking @code{root} to run Wget in his or her directory.  Depending onthe options used, either Wget will refuse to write to @file{.listing},making the globbing/recursion/time-stamping operation fail, or thesymbolic link will be deleted and replaced with the actual@file{.listing} file, or the listing will be written to a@file{.listing.@var{number}} file.Even though this situation isn't a problem, though, @code{root} shouldnever run Wget in a non-trusted user's directory.  A user could dosomething as simple as linking @file{index.html} to @file{/etc/passwd}and asking @code{root} to run Wget with @samp{-N} or @samp{-r} so the filewill be overwritten.@cindex globbing, toggle@item --no-globTurn off @sc{ftp} globbing.  Globbing refers to the use of shell-likespecial characters (@dfn{wildcards}), like @samp{*}, @samp{?}, @samp{[}and @samp{]} to retrieve more than one file from the same directory atonce, like:@examplewget ftp://gnjilux.srk.fer.hr/*.msg@end exampleBy default, globbing will be turned on if the @sc{url} contains aglobbing character.  This option may be used to turn globbing on or offpermanently.You may have to quote the @sc{url} to protect it from being expanded byyour shell.  Globbing makes Wget look for a directory listing, which issystem-specific.  This is why it currently works only with Unix @sc{ftp}servers (and the ones emulating Unix @code{ls} output).@cindex passive ftp@item --no-passive-ftpDisable the use of the @dfn{passive} FTP transfer mode.  Passive FTPmandates that the client connect to the server to establish the dataconnection rather than the other way around.If the machine is connected to the Internet directly, both passive andactive FTP should work equally well.  Behind most firewall and NATconfigurations passive FTP has a better chance of working.  However,in some rare firewall configurations, active FTP actually works whenpassive FTP doesn't.  If you suspect this to be the case, use thisoption, or set @code{passive_ftp=off} in your init file.@cindex symbolic links, retrieving@item --retr-symlinksUsually, when retrieving @sc{ftp} directories recursively and a symboliclink is encountered, the linked-to file is not downloaded.  Instead, amatching symbolic link is created on the local filesystem.  Thepointed-to file will not be downloaded unless this recursive retrievalwould have encountered it separately and downloaded it anyway.When @samp{--retr-symlinks} is specified, however, symbolic links aretraversed and the pointed-to files are retrieved.  At this time, thisoption does not cause Wget to traverse symlinks to directories andrecurse through them, but in the future it should be enhanced to dothis.Note that when retrieving a file (not a directory) because it wasspecified on the command-line, rather than because it was recursed to,this option has no effect.  Symbolic links are always traversed in thiscase.@cindex Keep-Alive, turning off@cindex Persistent Connections, disabling@item --no-http-keep-aliveTurn off the ``keep-alive'' feature for HTTP downloads.  Normally, Wgetasks the server to keep the connection open so that, when you downloadmore than one document from the same server, they get transferred overthe same TCP connection.  This saves time and at the same time reducesthe load on the server.This option is useful when, for some reason, persistent (keep-alive)connections don't work for you, for example due to a server bug or dueto the inability of server-side scripts to cope with the connections.@end table@node Recursive Retrieval Options@section Recursive Retrieval Options@table @samp@item -r@itemx --recursiveTurn on recursive retrieving.  @xref{Recursive Download}, for moredetails.@item -l @var{depth}@itemx --level=@var{depth}Specify recursion maximum depth level @var{depth} (@pxref{RecursiveDownload}).  The default maximum depth is 5.@cindex proxy filling@cindex delete after retriev