Protecting EDD Uploads folder in Local

I appreciate that this only really applies to live sites, but if I wanted to protect zip files in the EDD upload folder in wp-content/uploads/edd from unauthorised downloads in Local when using nginx, how do I do this?

The line I need to add is:
rewrite ^/wp-content/uploads/edd/(.*).zip$ / permanent;

…just not sure where to add it.
Have tried in site.conf.hbs and wordpress-single.conf.hbs in conf/nginx and restarted Local but no luck so far as I can still access and download a zip file in that folder.