This is fairly easy.

If I go to https://webserver.com/someurl?a=b, will the someurl?a=b part be protected, or just the contents of the site?


The entire URL will be encrypted. When the web browser connects to the server, it connects to the appropriate IP address, starts encryption, and then sends the request (hostname, URL, parameters, form contents, etc.).

Note that the DNS lookup will not be encrypted, so anyone looking at your traffic can tell that you looked the domain up, even if they can't tell what you sent or what came back. This may or may not be important in your case.


The entire HTTP request is encrypted. This is why having more than one SSL site per IP address is troublesome.