By default, if a file exists you can access it directly via an accurate URL, without Drupal even getting involved (this is due to a directive in the .htaccess rewrite)
However, also due to a directive in .htaccess, the default Apache raw directory browsing and 'index.htm' resolving behaviour is turned off - to protect your files from unintended access. Just entering a directory path as a link will not work (Access denied).
See Configuring .htaccess to ignore specific subfolders if you want to:
- Provide raw directory browse access to areas
- Run static HTML pages alongside (within) a Drupal installation
- Run other web applications (like a stand-alone gallery or forum version)
- Access a host-provided subdirectory or virtual subdirectory (eg /stats or /webmail)