I want to restrict all directories and files to the end users, but the application should be accessible. I have restricted all directories except readme.md. I cannot even locate the file inside www folder. But the file is viewed when it is ran in the browser as follows.

Following are the changes I have done in httpd.config file

<Directory "c:/wamp64/www">
     Order Deny,Allow
     Deny from all
     Allow from 127.0.0.1
     Allow from ::1
     Allow from localhost
</Directory>

<Files "c:/wamp64/icons/readme.md">
     Order Deny,Allow
     Deny from all

</Files>

<Directory "c:/wamp64/www/*">
    Allow from all
</Directory>

Apache 2.4 is my version