He really didn't handle the explanation of the joke properly...

Do I understand it correctly? It loops back to the origin machine so they were seeing their own files? And they thought they were seeing the files on an external machine?

Nothing is mentioned about anyone actually trying to access the URI. I don't think their server would have used that filepath.

I imagine the plaintiff simply assumed it was legitimate without investigation, i.e. it was a successful troll.