4.6.x common.inc drupal_access_denied()
4.7.x common.inc drupal_access_denied()
5.x common.inc drupal_access_denied()
6.x common.inc drupal_access_denied()
7.x common.inc drupal_access_denied()

Generates a 403 error if the request is not allowed.

Related topics

5 calls to drupal_access_denied()
aggregator_admin_refresh_feed in modules/aggregator/aggregator.admin.inc
Menu callback; refreshes a feed, then redirects to the overview page.
menu_delete_menu_page in modules/menu/menu.admin.inc
Menu callback; check access and get a confirm form for deletion of a custom menu.
menu_item_delete_page in modules/menu/menu.admin.inc
Menu callback; Check access and present a confirm form for deleting a menu link.
profile_browse in modules/profile/profile.pages.inc
Menu callback; display a list of user information.
system_batch_page in modules/system/system.admin.inc
Default page callback for batches.


includes/common.inc, line 426
Common functions that many Drupal modules will need to reference.


function drupal_access_denied() {
  drupal_set_header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
  watchdog('access denied', check_plain($_GET['q']), NULL, WATCHDOG_WARNING);

  // Keep old path for reference, and to allow forms to redirect to it.
  if (!isset($_REQUEST['destination'])) {

    // Make sure that the current path is not interpreted as external URL.
    if (!menu_path_is_external($_GET['q'])) {
      $_REQUEST['destination'] = $_GET['q'];
  $path = drupal_get_normal_path(variable_get('site_403', ''));
  if ($path && $path != $_GET['q']) {

    // Set the active item in case there are tabs to display or other
    // dependencies on the path.
    $return = menu_execute_active_handler($path);
  if (empty($return) || $return == MENU_NOT_FOUND || $return == MENU_ACCESS_DENIED) {
    drupal_set_title(t('Access denied'));
    $return = t('You are not authorized to access this page.');
  print theme('page', $return);


Anonymous’s picture

If you want to return the error 404 page (page not found), see the function drupal_not_found().

sylvain lavielle’s picture

I think this function introduce possibility of confusion usage : This function only render an access denied page but will not stop drupal normal render process.

So, for example, if you want to restrict a node access in a "last chance" test just before displaying it (test implemented in the hook_nodeapi at $op=='view') so you will need to do :


If you do not, drupal will output 2 pages stacked : The access denied page and the page you want to restrict access.

er.pushpinderrana’s picture

Before look into your solution, I was digging into code and doing a lot of research for this. I was also getting 2 pages issue as you explained and get resolved from your code.


snehi’s picture

Stll not able to redirect to access denied page with following code in Drupal 7, going in infinite loop