18

This is fairly easy.

If I go to https://webserver.com/someurl?a=b, will the someurl?a=b part be protected, or just the contents of the site?

Karel Bílek

2 Answers

24

The entire URL will be encrypted. When the web browser connects to the server, it connects to the appropriate IP address, starts encryption, and then sends the request (hostname, URL, parameters, form contents, etc.).

Note that the DNS lookup will not be encrypted, so anyone looking at your traffic can tell that you looked the domain up, even if they can't tell what you sent or what came back. This may or may not be important in your case.

Steve Simms
  • very good point that (typical / not DNSSEC) DNS lookup is unencrypted. If the hostname ends with `hub.com` but doesn't start with `git` then you might be embarrassed at some point – Andrei Rînea May 10 '22 at 21:08
8

The entire HTTP request is encrypted. This is why having more than one SSL site per IP address is troublesome.

Ignacio Vazquez-Abrams