How Web Addresses Work

Most of us have been using web addresses for years without really understanding how they work.  Today we are going to try to demystify the web address for you.  Web addresses are basically “rented” for a period of time from a Domain Name Registrar, and are part of the Domain Name System (DNS).  DNS changes the easy alphanumeric domain names we use into numerical IP addresses that computers and web servers use.  The web address is a hierarchical representation of a web resource.  The web address is read from left to right.  The period (.) is used to separate hierachical parts of a domain name or web address.  Let’s take a look at one of my domains, The main parts of a domain name are:

  • The TLD or top level domain.  This is the last section on the right.  This is the .com, .net, .org, .gov and so forth.  Each top level domain is managed by something called a root server in the DNS hierarchy.  The .com root server, for instance, know what DNS servers are authoritative for the domain names that end in .com
    • Additionally, there is a TLD for every country in the world as well, for instance .us for the United States, .in for India, .ca for Canada, .cn for China, .ru for Russia.
  • The domain name.  This is the middle section, and is the part that you can purchase from a domain name registrar such as GoDaddy or Network Solutions

In order to use a domain name, we have to associate it with a service that is provided by a server or computer.  Lets start with a simple web address:  This is known as a Uniform Resource Locator (URL), or Uniform Resource Identifier (URI).  These terms are interchangeable.  There is also something called a Fully Qualified Domain Name (FQDN) which is the full machine name of a computer or server.  That’s right, all computers have names.  Every server and computer on a network has an Internet Protocol address or IP address assigned to it as well.  The domain Name System (DNS) tell computers how to find the IP address associated with a domain name or web server.  For example, my domain name is located on a server with a FQDN of and an IP address of

Let’s go back to . This web address will take you to the home page of one of my websites.  There are a couple of new pieces to the URL.

  • The first part http refers to the communication protocol, in this case the hypertext transfer protocol.  This tells your computer that the resource ( the server or system) is going to display a web site, which is generally written in HTML or Hypertext Markup Language.  This also tells the computer to launch an application called a web browser, like Google Chrome, Firefox, or Internet Explorer, which turns the HTML code into something that a human can read.
  • The next part tells the computer what sort of service we are looking for.  In the example, the service is www. This stands for the World Wide Web protocol and tells the computer that we are looking for web server.  Often, the www is not required, and entering will take you to the web site as well.
    • If the protocol was ftp this is file transfer protocol, and would be a method I could use to move content to or from the web server.
    • If the protocol was pop, imap, or smtp this would be an email server.  Depending on how your server is configured, it may be capable of doing all these tasks and all of the URLs would have the same IP address.  Or these services may be may be running on different machines with different IP addresses. There are other services that may be part of a URL.

The sub-domain.  Not everything you see to the left of a domain name is a service.  There is another part, called a sub-domain. When you own a domain, you can create whatever sub-domain names you wish.  I can create the URL for instance, and set it up to host a test web site.  I can add more sub-domains in a chain such as

After the slash.  The next part of a URL is what comes after the TLD.  This information is separated from the TLD (.com, etc) with a slash (/).  The parts that come after continue to be separated by a slash, and this represents the interior parts of the web site or resource, things like directories (folders), and pages.  For example, the URL will take you to a nested page on my website.

Hopefully this tutorial has helped explain the different parts of a web address in a way that is helpful for you.  On Monday we will be looking at how web addresses can be spoofed by a cyber-criminal in a phishing exploit.





About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Pratitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speakers at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.
  Related Posts

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.