Drupal 9 redirect users to the default “access restricted” using form/controller
You can throw an exception at any point in your code: 403: throw new SymfonyComponentHttpKernelExceptionAccessDeniedHttpException(); 404: throw new SymfonyComponentHttpKernelExceptionNotFoundHttpException();