4.6.x common.inc drupal_access_denied()
4.7.x common.inc drupal_access_denied()
5.x common.inc drupal_access_denied()
6.x common.inc drupal_access_denied()
7.x common.inc drupal_access_denied()

Generates a 403 error if the request is not allowed.

Related topics

10 calls to drupal_access_denied()
aggregator_admin_refresh_feed in modules/aggregator/aggregator.admin.inc
Menu callback; refreshes a feed, then redirects to the overview page.
book_export_html in modules/book/book.pages.inc
This function is called by book_export() to generate HTML for export.
comment_edit in modules/comment/comment.pages.inc
Form builder; generate a comment editing form.
file_download in includes/file.inc
Call modules that implement hook_file_download() to find out if a file is accessible and what headers it should be transferred with. If a module returns -1 drupal_access_denied() will be returned. If one or more modules returned headers the download…
index.php in ./index.php
The PHP page that serves all page requests on a Drupal installation.

... See full list


includes/common.inc, line 426
Common functions that many Drupal modules will need to reference.


function drupal_access_denied() {
  drupal_set_header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');

  watchdog('access denied', check_plain($_GET['q']), NULL, WATCHDOG_WARNING);

  // Keep old path for reference, and to allow forms to redirect to it.
  if (!isset($_REQUEST['destination'])) {
    // Make sure that the current path is not interpreted as external URL.
    if (!menu_path_is_external($_GET['q'])) {
      $_REQUEST['destination'] = $_GET['q'];

  $path = drupal_get_normal_path(variable_get('site_403', ''));
  if ($path && $path != $_GET['q']) {
    // Set the active item in case there are tabs to display or other
    // dependencies on the path.
    $return = menu_execute_active_handler($path);

  if (empty($return) || $return == MENU_NOT_FOUND || $return == MENU_ACCESS_DENIED) {
    drupal_set_title(t('Access denied'));
    $return = t('You are not authorized to access this page.');
  print theme('page', $return);


Anonymous’s picture

If you want to return the error 404 page (page not found), see the function drupal_not_found().

sylvain lavielle’s picture

I think this function introduce possibility of confusion usage : This function only render an access denied page but will not stop drupal normal render process.

So, for example, if you want to restrict a node access in a "last chance" test just before displaying it (test implemented in the hook_nodeapi at $op=='view') so you will need to do :


If you do not, drupal will output 2 pages stacked : The access denied page and the page you want to restrict access.

er.pushpinderrana’s picture

Before look into your solution, I was digging into code and doing a lot of research for this. I was also getting 2 pages issue as you explained and get resolved from your code.


snehi’s picture

Stll not able to redirect to access denied page with following code in Drupal 7, going in infinite loop