For the future generation the answer which works for me is to use hidden segments.
If you want to secure e.g. Uploads folder go to your root Web.config and add into <system.webServer>
following element:
<security>
<requestFiltering>
<hiddenSegments>
<add segment="Uploads"/>
</hiddenSegments>
</requestFiltering>
</security>
This will prevent all users from direct access to Uploads folder and its content.