diff --git a/modules/nixos-modules/server/reverseProxy/reverseProxy.nix b/modules/nixos-modules/server/reverseProxy/reverseProxy.nix
index 5b8357f..eecc9bf 100644
--- a/modules/nixos-modules/server/reverseProxy/reverseProxy.nix
+++ b/modules/nixos-modules/server/reverseProxy/reverseProxy.nix
@@ -6,6 +6,11 @@
   options.services.reverseProxy = {
     enable = lib.mkEnableOption "turn on the reverse proxy";
     openFirewall = lib.mkEnableOption "open the firewall";
+    refuseUnmatchedDomains = lib.mkOption {
+      type = lib.types.bool;
+      description = "refuse connections for domains that don't match any configured virtual hosts";
+      default = true;
+    };
     ports = {
       http = lib.mkOption {
         type = lib.types.port;
@@ -96,7 +101,20 @@
       services.nginx = {
         enable = true;
         virtualHosts = lib.mkMerge (
-          lib.lists.flatten (
+          (lib.optionals config.services.reverseProxy.refuseUnmatchedDomains [
+            {
+              "_" = {
+                default = true;
+                serverName = "_";
+                locations."/" = {
+                  extraConfig = ''
+                    return 444;
+                  '';
+                };
+              };
+            }
+          ])
+          ++ lib.lists.flatten (
             lib.attrsets.mapAttrsToList (
               name: service: let
                 hostConfig = {