From 7a0e282dd0366cd59a41421b0efed7afae9d9c02 Mon Sep 17 00:00:00 2001
From: Andy Dawson
Date: Wed, 8 Jun 2016 09:35:40 +0200
Subject: [PATCH] Add an ssl no-default example

I.e. an example of this: -> curl -kI -H "Host: valid.com" https://localhost HTTP/1.1 200 OK ... -> curl -kI -H "Host: invalid.com" https://localhost curl: (52) Empty reply from server Whether this works or not depends on SNI.
---
sites-available/ssl.no-default | 12 ++++++++++++
1 file changed, 12 insertions(+)
create mode 100644 sites-available/ssl.no-default

diff --git a/sites-available/ssl.no-default b/sites-available/ssl.no-default
new file mode 100644
index 0000000..0057270
--- /dev/null
+++ b/sites-available/ssl.no-default
@@ -0,0 +1,12 @@
+# Drop requests for unknown hosts
+#
+# If no default server is defined, nginx will use the first found server.
+# To prevent host header attacks, or other potential problems when an unknown
+# servername is used in a request, it's recommended to drop the request
+# returning 444 "no response".
+
+server {
+ listen 443 ssl default_server;
+ include h5bp/direcitve-only/ssl.conf
+ return 444;
+}
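Review bot: The `include` line in the new server block has no terminating semicolon, and its path reads `h5bp/direcitve-only/ssl.conf`, which looks like a misspelling of `directive-only`. As written nginx should reject the file, because `return 444` is read as further arguments to `include`; the line was presumably meant to be `include h5bp/directive-only/ssl.conf;`. This block also completes a TLS handshake before `return 444` runs, so it needs a certificate in scope, and none is visible in this hunk; confirm that ssl.conf or the http context supplies one, and note that this is the certificate unknown hosts will be shown. On nginx 1.19.4 or later, `ssl_reject_handshake on;` avoids presenting one at all. The header comment could also carry the caveat from the commit message, e.g. `# Note: whether this works depends on SNI.`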