How to Hide Your IP with Linux curl: Proxy Types, Settings, and Anonymity Tests

Proxy Server Overview

To protect personal privacy, a proxy server sits between a browser and an HTTP server, forwarding requests while optionally masking the client’s original IP address. Besides HTTP/HTTPS, protocols such as FTP, RTSP, and POP3 can also be proxied, but this guide focuses on HTTP and HTTPS.

Proxy Types

HTTP Proxy

Transparent – the target server sees both the proxy IP and the client’s original IP.

Anonymous – the server knows a proxy is used but cannot obtain the original IP.

High‑anonymous – the server cannot detect proxy usage and cannot obtain the original IP.

SOCKS Proxy

SOCKS4 – supports TCP applications only.

SOCKS4A – TCP support with server‑side DNS resolution.

SOCKS5 – supports TCP and UDP, server‑side DNS, multiple authentication methods, and IPv6.

curl Proxy Options (Linux)

-x host:port

or --proxy protocol://[user:pwd@]host[:port] – set an HTTP/HTTPS proxy (default port 8080 if omitted). --socks4 host[:port], --socks4a host[:port], --socks5 host[:port] – use SOCKS proxies; these options override -x. --proxy-anyauth, --proxy-basic, --proxy-digest, --proxy-negotiate, --proxy-ntlm – specify authentication mechanisms. -U user:password or --proxy-user user:password – provide proxy credentials.

Example: Setting an HTTP Proxy with curl

# Specify HTTP proxy IP and port
curl -x 113.185.19.192:80 http://aiezu.com/test.php

# Using the --proxy syntax
curl --proxy 113.185.19.192:80 http://aiezu.com/test.php

# Explicit protocol declaration
curl -x http_proxy://aiezu:[email protected]:80 http://aiezu.com/test.php

# With basic authentication
curl -x aiezu:[email protected]:80 http://aiezu.com/test.php

# With NTLM authentication
curl -x 113.185.19.192:80 -U aiezu:123456 --proxy-ntlm http://aiezu.com/test.php

Example: Setting a SOCKS Proxy with curl

# SOCKS4 (no authentication)
curl --socks4 122.192.32.76:7280 http://aiezu.com/test.php

# SOCKS4A (no authentication)
curl --socks4a 122.192.32.76:7280 http://aiezu.com/test.php

# SOCKS5 with basic authentication
curl --socks5 122.192.32.76:7280 -U aiezu:123456 http://aiezu.com/test.php

# SOCKS5 with NTLM authentication
curl -x socks5:122.192.32.76:7280 --proxy-ntlm http://aiezu.com/test.php

Testing Proxy Anonymity

Create a test.php script that outputs selected $_SERVER fields to observe which IP address and headers the web server receives.

Sample test.php

<?php
$fields = ['REMOTE_ADDR','HTTP_X_FORWARDED_FOR','HTTP_VIA','HTTP_PROXY_CONNECTION'];
$srv = array_intersect_key($_SERVER, array_flip($fields));
print_r($srv);

Test Scenarios and Results

No proxy – REMOTE_ADDR shows the client’s real IP.

Transparent HTTP proxy – REMOTE_ADDR is the proxy IP, the original IP appears in HTTP_X_FORWARDED_FOR, and HTTP_VIA indicates proxy usage.

Anonymous HTTP proxy – REMOTE_ADDR is the proxy IP, no original IP header is present, but HTTP_PROXY_CONNECTION reveals that a proxy was used.

High‑anonymous HTTP proxy – only REMOTE_ADDR shows the proxy IP; no additional headers expose proxy usage.

SOCKS5 proxy – behaves like a high‑anonymous proxy, changing only REMOTE_ADDR without leaving other proxy‑related headers.