Prevent direct file access in Nginx


Does anyone know how you can prevent direct access to the files in wp-content/uploads via Nginx?

For example, if a PDF was residing at and someone found that URL and pasted it in the URL field in the browser, how do I deny that kind of access, but allow the link to be clicked in WordPress content?

On Apache, I believe this was possible by putting this in the root .htaccess:

RewriteEngine On RewriteCond %{HTTP_REFERER} !^https://(subdomain\.)?example\.com/ [NC] RewriteCond %{REQUEST_URI} !hotlink\.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx|mp4|mov) [NC] RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC] RewriteRule .*\.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx|mp4|mov)$ [NC]

The above was for a subdomain and was also a check for whether the user was logged in, because it was a member site. But I’d like to deny any user access to a file by direct link and to do it for Nginx.

Is that at all possible? I’ve searched a lot for possible solutions and put them in nginx.conf in the the site root and restarted nginx, but they don’t work.