Your href is a link to the local filesystem, which is typically not served up by the web server. Otherwise anybody could come in via www and download (or even change) anything anywhere.
The web server serves up files etc. from a specific directory designated as the Document Root for the web service. This security mechanism may or may not come into play when you're accessing the document on the same machine that has the www service.
Also, browser MIME types come into play, as once you can get to the file, the browser will be opening it.
Also, check your web server error log.
the hardest line to type correctly is: stty erase ^H
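
The Document Root mapping described in the reply above, as an added example that is not part of the original post: it shows where a server would look on disk for a given href and which MIME type the file extension suggests. The document root `/var/www/html` and the function name `resolve_href` are assumptions made for illustration.

```python
import mimetypes
import posixpath
from urllib.parse import unquote, urlsplit

DOCUMENT_ROOT = "/var/www/html"  # assumed document root, not taken from the post


def resolve_href(href, document_root=DOCUMENT_ROOT):
    """Map an href onto the file a server would look for under its document root.

    Returns (filesystem_path, mime_type). Raises ValueError when the href
    cannot be served: a non-HTTP scheme such as file:, or a path that
    climbs out of the document root.
    """
    parts = urlsplit(href)
    if parts.scheme not in ("", "http", "https"):
        # A file: URL is read by the browser from the client's own disk;
        # the web server never sees the request.
        raise ValueError(f"{parts.scheme}: link is not served by the web server")

    # The URL path is always interpreted relative to the document root,
    # even when it looks like an absolute filesystem path.
    url_path = unquote(parts.path).lstrip("/")
    root = posixpath.normpath(document_root)
    candidate = posixpath.normpath(posixpath.join(root, url_path))

    # Containment check on the normalised path. This is a string-level check
    # only; a real server must also decide how to treat symlinks.
    if posixpath.commonpath([root, candidate]) != root:
        raise ValueError("path escapes the document root")

    # Extension-based guess; the octet-stream fallback is an assumed default.
    mime, _ = mimetypes.guess_type(candidate)
    return candidate, mime or "application/octet-stream"


if __name__ == "__main__":
    # Constructed sample hrefs.
    for href in ("/home/user/report.pdf", "docs/index.html",
                 "file:///home/user/report.pdf", "/../../etc/passwd"):
        try:
            print(href, "->", resolve_href(href))
        except ValueError as err:
            print(href, "-> refused:", err)
```

An href such as `/home/user/report.pdf` resolves to a path under the document root, so a missing file there shows up as a not-found entry in the server error log rather than serving the file from the user's home directory.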