Suppose you have a 4D database that has a Default HTML Root. Suppose in that folder you have a file called "page.shtml". If the Web server is turned on, any browser can make a request like this:
https://127.0.0.1/page.shtml
and 4D will automatically serve out the page. What if you want to authenticate the request first, though? How do you stop the page from being served out? Or, perhaps, what if you want to run some code before serving the page, for instance, to set up some data for display in the page?
The answer is to _not_ keep your pages directly inside the HTML root. Keep them in a folder nested inside the HTML root, with an obscure name that no one will guess. After you've "obscured" your page, try loading it again with the same URL. Since there is no file named "page.shtml" in your HTML root any longer, the On Web Connection method will execute to handle the request instead.
When it does, you can prepare data for the page, re-direct to another page, send out a custom response, and more. If you _do_ want to send out "page.shtml" after having performed some set-up, you just issue:
SEND HTML FILE(<>ObscureFolder+$tPageName)
Where <>ObscureFolder is a variable holding the name of your "obscured" folder (e.g. "xx1yy2zz3/") and $tPageName is the name of the page that was requested.