I was trying to prevent hotlinking for http://mydomain.com/photos/

then I use the following in nginx.conf

location ~ /photos/ {
valid_referers none blocked server_names;
if ($invalid_referer) {
return 403;
}
}

I found that it will block hotlinking from other sites and return 403. However, it will return 404 when the referer is mydomain.com

After testing for quite some time, I found that the following will work

location ~ /upload/ {
root /home/domainuser/domains/mydomin.com/public_html;
valid_referers none blocked server_names;
if ($invalid_referer) {
return 403; }
}

It only works when I add root to it. Yet, most tutorial does not state that. Is it a buy on nginx 0.7.59 or I have set something wrong in the nginx.conf so that I have to add the root?