4.6.x common.inc drupal_access_denied()
4.7.x common.inc drupal_access_denied()
5.x common.inc drupal_access_denied()
6.x common.inc drupal_access_denied()
7.x common.inc drupal_access_denied()

Generates a 403 error if the request is not allowed.

Related topics

10 calls to drupal_access_denied()
aggregator_admin_refresh_feed in modules/aggregator/aggregator.admin.inc
Menu callback; refreshes a feed, then redirects to the overview page.
book_export_html in modules/book/book.pages.inc
This function is called by book_export() to generate HTML for export.
comment_edit in modules/comment/comment.pages.inc
Form builder; generate a comment editing form.
file_download in includes/file.inc
Call modules that implement hook_file_download() to find out if a file is accessible and what headers it should be transferred with. If a module returns -1 drupal_access_denied() will be returned. If one or more modules returned headers the download…
index.php in ./index.php
The PHP page that serves all page requests on a Drupal installation.

... See full list


includes/common.inc, line 426
Common functions that many Drupal modules will need to reference.


function drupal_access_denied() {
  drupal_set_header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');

  watchdog('access denied', check_plain($_GET['q']), NULL, WATCHDOG_WARNING);

  // Keep old path for reference, and to allow forms to redirect to it.
  if (!isset($_REQUEST['destination'])) {
    // Make sure that the current path is not interpreted as external URL.
    if (!menu_path_is_external($_GET['q'])) {
      $_REQUEST['destination'] = $_GET['q'];

  $path = drupal_get_normal_path(variable_get('site_403', ''));
  if ($path && $path != $_GET['q']) {
    // Set the active item in case there are tabs to display or other
    // dependencies on the path.
    $return = menu_execute_active_handler($path);

  if (empty($return) || $return == MENU_NOT_FOUND || $return == MENU_ACCESS_DENIED) {
    drupal_set_title(t('Access denied'));
    $return = t('You are not authorized to access this page.');
  print theme('page', $return);


Anonymous’s picture

If you want to return the error 404 page (page not found), see the function drupal_not_found().

sylvain lavielle’s picture

I think this function introduce possibility of confusion usage : This function only render an access denied page but will not stop drupal normal render process.

So, for example, if you want to restrict a node access in a "last chance" test just before displaying it (test implemented in the hook_nodeapi at $op=='view') so you will need to do :


If you do not, drupal will output 2 pages stacked : The access denied page and the page you want to restrict access.

er.pushpinderrana’s picture

Before look into your solution, I was digging into code and doing a lot of research for this. I was also getting 2 pages issue as you explained and get resolved from your code.