diff --git a/sites-available/ssl.no-default b/sites-available/ssl.no-default
new file mode 100644
index 0000000..0057270
--- /dev/null
+++ b/sites-available/ssl.no-default
@@ -0,0 +1,12 @@
+# Drop requests for unknown hosts
+#
+# If no default server is defined, nginx will use the first found server.
+# To prevent host header attacks, or other potential problems when an unknown 
+# servername is used in a request, it's recommended to drop the request 
+# returning 444 "no response".
+
+server {
+  listen 443 ssl default_server;
+  include h5bp/direcitve-only/ssl.conf
+  return 444;
+}