What I would like to do is to disable the contents of a single directory on my site from being shown anywhere but my site.

I've google searched a bit, and found and tried some things, but it's not seeming to work.

In my configuration, I have the following:


location /path/to/directory/ {
valid_referers none blocked www.mydomain.org mydomain.org;
if ($invalid_referer) {
return 403;
}
}


However, this seems to block images of that directory even on my site.

Could someone tell me what I might be doing wrong?

It seems that there was two things I was doing wrong.

First, I included no "root" (I just assumed it would inherit the root from "/").

After I included the root, though, I was still not seeing the images, still getting 404's instead of 403's.

My root was:
/path/to/root/path/to/directory;

After I changed it to just:
/path/to/root;

it worked fine.


Final configuration was:

location /path/to/directory/ {
root /path/to/root;
valid_referers www.mydomain.org mydomain.org;
if ($invalid_referer) {
return 403;
}
}


I did not include 'none' or 'blocked' because it was more or less imperative that it could ONLY be accessed from my site. (I do realize that people can still spoof my site into their referrer header, so that it's not a "perfect" solution, but I couldn't risk masked headers (blocked) and no headers (none) being able to see it.)