CF can only protect CF files if they web accessible.
If you request a PDF file for example, CF is never involve din this process.
The best solution is to use server side security to password protect folder
and not CF.
If you are on APACHE then simply use .htaccess for this.
If you are on windows/IIS then take a look at Helicon APE
> Hello everyone.
> I have a site where a password is required to access the site. On pages in
> the site, there are links to download files. I set the appropriate meta
> tags and robots.txt to tell the search engines to not spyder the site.
> Though the site pages are not in google, the files are showing up. that's
> It's a lot of files, so before I code up a solution to access all the
> through logic so I can control the permissions, is there some way to
> protect a directory so that files can't be downloaded without being logged
> in on the site?
> My guess is the answer is no, but I thought I would ask.