diff --git a/modules/comment/classes/Comment/Controller/Comments.php b/modules/comment/classes/Comment/Controller/Comments.php
index 8a43556186..18954012c2 100644
--- a/modules/comment/classes/Comment/Controller/Comments.php
+++ b/modules/comment/classes/Comment/Controller/Comments.php
@@ -27,7 +27,7 @@ public function action_add() {
 $item = ORM::factory("Item", $item_id);
 Access::required("view", $item);
 if (!Comment::can_comment()) {
- Access::forbidden();
+ throw HTTP_Exception::factory(403);
 }
 
 $author = Identity::active_user();
diff --git a/modules/comment/classes/Comment/Hook/Rest/Comment.php b/modules/comment/classes/Comment/Hook/Rest/Comment.php
index 44fb18470e..ba13c739eb 100644
--- a/modules/comment/classes/Comment/Hook/Rest/Comment.php
+++ b/modules/comment/classes/Comment/Hook/Rest/Comment.php
@@ -31,7 +31,7 @@ static function get($request) {
 static function put($request) {
 // Only admins can edit comments, for now
 if (!Identity::active_user()->admin) {
- Access::forbidden();
+ throw HTTP_Exception::factory(403);
 }
 
 $comment = Rest::resolve($request->url);
@@ -42,7 +42,7 @@ static function put($request) {
 
 static function delete($request) {
 if (!Identity::active_user()->admin) {
- Access::forbidden();
+ throw HTTP_Exception::factory(403);
 }
 
 $comment = Rest::resolve($request->url);
diff --git a/modules/gallery/classes/Gallery/Access.php b/modules/gallery/classes/Gallery/Access.php
index 2be21e5031..6b4a042576 100644
--- a/modules/gallery/classes/Gallery/Access.php
+++ b/modules/gallery/classes/Gallery/Access.php
@@ -114,7 +114,7 @@ static function user_can($user, $perm_name, $item) {
 }
 
 /**
- * If the active user does not have this permission, failed with an Access::forbidden().
+ * If the active user does not have this permission, fire a 403 Forbidden.
 *
 * @param string $perm_name
 * @param Model_Item $item
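Review bot: The rewritten docblock sentence for `required()` in `modules/gallery/classes/Gallery/Access.php` now promises only a 403, but the `@@ -126` hunk of the same file shows the method also executing `throw HTTP_Exception::factory(404);` under the comment about not leaking the item's existence, in a branch whose condition lies outside that hunk. Since the commit is already rewording this line, it should describe both outcomes, e.g. `* If the active user does not have this permission, throw an HTTP 403 Forbidden, or a 404 Not Found where the item must not be revealed to exist.`, and add `* @throws HTTP_Exception` after the `@param` lines. The docblock and the method it describes continue past the end of this hunk.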
@@ -126,7 +126,7 @@ static function required($perm_name, $item) {
 // Treat as if the item didn't exist, don't leak any information.
 throw HTTP_Exception::factory(404);
 } else {
- Access::forbidden();
+ throw HTTP_Exception::factory(403);
 }
 }
 }
@@ -191,13 +191,6 @@ static function locked_by($group, $perm_name, $item) {
 }
 }
 
- /**
- * Terminate immediately with an HTTP 403 Forbidden response.
- */
- static function forbidden() {
- throw HTTP_Exception::factory(403);
- }
-
 /**
 * Internal method to set a permission
 *
@@ -415,7 +408,7 @@ static function verify_csrf($csrf=null) {
 }
 
 if ($csrf !== Session::instance()->get("csrf")) {
- Access::forbidden();
+ throw HTTP_Exception::factory(403);
 }
 }
 
diff --git a/modules/gallery/classes/Gallery/Controller/Admin.php b/modules/gallery/classes/Gallery/Controller/Admin.php
index a4ba5d08d7..1be9c66155 100644
--- a/modules/gallery/classes/Gallery/Controller/Admin.php
+++ b/modules/gallery/classes/Gallery/Controller/Admin.php
@@ -27,7 +27,7 @@ public function check_auth($auth) {
 if (Identity::active_user()->guest) {
 $auth->login = true;
 } else {
- Access::forbidden();
+ throw HTTP_Exception::factory(403);
 }
 } else {
 $time_remaining = Auth::get_time_remaining_for_admin_area();
diff --git a/modules/gallery/classes/Gallery/Controller/L10nClient.php b/modules/gallery/classes/Gallery/Controller/L10nClient.php
index 2eb17fb430..7f79300c46 100644
--- a/modules/gallery/classes/Gallery/Controller/L10nClient.php
+++ b/modules/gallery/classes/Gallery/Controller/L10nClient.php
@@ -21,7 +21,7 @@ class Gallery_Controller_L10nClient extends Controller {
 public function action_save() {
 Access::verify_csrf();
 if (!Identity::active_user()->admin) {
- Access::forbidden();
+ throw HTTP_Exception::factory(403);
 }
 
 $locale = I18n::instance()->locale();
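Review bot: Deleting `forbidden()` outright in the `@@ -191` hunk of this file turns every call from code outside this change set (third-party modules, themes) into an undefined-method fatal instead of a 403, and nothing in the diff shows that such callers were searched for. A one-line shim kept for a release, `/** @deprecated use throw HTTP_Exception::factory(403) */ static function forbidden() { throw HTTP_Exception::factory(403); }`, preserves the contract while the inlined throws roll out. It would also keep the 403 status literal, which this diff now repeats at every call site, defined in one place. The body of `required()` begins before this hunk.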
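Review bot: The token check that the new throw guards in `verify_csrf()`, `$csrf !== Session::instance()->get("csrf")`, is an ordinary string comparison, and because the signature defaults `$csrf` to `null`, a request that supplies no token against a session that holds no token presumably compares `null !== null` and passes; the lines that populate `$csrf` before this hunk are not visible here. A type-guarded constant-time form closes both gaps: `$expected = Session::instance()->get("csrf");` followed by `if (!is_string($expected) || !is_string($csrf) || !hash_equals($expected, $csrf)) {`. `hash_equals()` needs PHP 5.6, so check it against the project's minimum version. `verify_csrf()` starts before this hunk.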
@@ -96,7 +96,7 @@ public function action_save() {
 public function action_toggle_l10n_mode() {
 Access::verify_csrf();
 if (!Identity::active_user()->admin) {
- Access::forbidden();
+ throw HTTP_Exception::factory(403);
 }
 
 $session = Session::instance();
diff --git a/modules/gallery/classes/Gallery/Controller/Packager.php b/modules/gallery/classes/Gallery/Controller/Packager.php
index d708253dd4..2e28ac5e0f 100644
--- a/modules/gallery/classes/Gallery/Controller/Packager.php
+++ b/modules/gallery/classes/Gallery/Controller/Packager.php
@@ -20,7 +20,7 @@ class Gallery_Controller_Packager extends Controller {
 
 public function action_package() {
 if (PHP_SAPI != "cli") {
- Access::forbidden();
+ throw HTTP_Exception::factory(403);
 }
 
 $_SERVER["SERVER_NAME"] = "example.com";
diff --git a/modules/gallery/classes/Gallery/Controller/Permissions.php b/modules/gallery/classes/Gallery/Controller/Permissions.php
index 5f3ac0111a..080163fb62 100644
--- a/modules/gallery/classes/Gallery/Controller/Permissions.php
+++ b/modules/gallery/classes/Gallery/Controller/Permissions.php
@@ -25,7 +25,7 @@ public function action_browse() {
 Access::required("edit", $item);
 
 if (!$item->is_album()) {
- Access::forbidden();
+ throw HTTP_Exception::factory(403);
 }
 
 $view = new View("gallery/permissions_browse.html");
@@ -44,7 +44,7 @@ public function action_form() {
 Access::required("edit", $item);
 
 if (!$item->is_album()) {
- Access::forbidden();
+ throw HTTP_Exception::factory(403);
 }
 
 $this->response->body($this->_get_form($item));
diff --git a/modules/gallery/classes/Gallery/Controller/Reauthenticate.php b/modules/gallery/classes/Gallery/Controller/Reauthenticate.php
index e07dcb16d4..f1690c3638 100644
--- a/modules/gallery/classes/Gallery/Controller/Reauthenticate.php
+++ b/modules/gallery/classes/Gallery/Controller/Reauthenticate.php
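Review bot: The SAPI gate in front of the new throw in `action_package()`, `if (PHP_SAPI != "cli") {`, uses loose comparison; both operands are strings today so it behaves the same, but `if (PHP_SAPI !== "cli") {` states the intent and keeps working if either side is later refactored into a non-string. The identical `PHP_SAPI != "cli"` test appears in the `change_provider()` hunk of `modules/gallery/classes/Gallery/IdentityProvider.php`. Since this check is the only guard visible on an action that goes on to set `$_SERVER["SERVER_NAME"]`, a comment such as `// CLI only: this action rewrites $_SERVER and is not meant to be reachable over HTTP.` would help a later reader. The function continues past the hunk.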
@@ -33,7 +33,7 @@ public function action_index() {
 if ($this->request->is_ajax()) {
 // We should never be able to get here since the admin reauth_check
 // won't work for non-admins.
- Access::forbidden();
+ throw HTTP_Exception::factory(403);
 } else {
 // The user could have navigated here directly. This isn't a security
 // breach, but they still shouldn't be here.
diff --git a/modules/gallery/classes/Gallery/Controller/Upgrader.php b/modules/gallery/classes/Gallery/Controller/Upgrader.php
index a8c4ccd6df..ccf87696fc 100644
--- a/modules/gallery/classes/Gallery/Controller/Upgrader.php
+++ b/modules/gallery/classes/Gallery/Controller/Upgrader.php
@@ -57,7 +57,7 @@ public function action_upgrade() {
 $_SERVER["SERVER_NAME"] = "example.com";
 } else {
 if (!Identity::active_user()->admin && !Session::instance()->get("can_upgrade", false)) {
- Access::forbidden();
+ throw HTTP_Exception::factory(403);
 }
 
 try {
diff --git a/modules/gallery/classes/Gallery/IdentityProvider.php b/modules/gallery/classes/Gallery/IdentityProvider.php
index 16a006bb35..81d3ac78b1 100644
--- a/modules/gallery/classes/Gallery/IdentityProvider.php
+++ b/modules/gallery/classes/Gallery/IdentityProvider.php
@@ -66,7 +66,7 @@ static function confirmation_message() {
 static function change_provider($new_provider) {
 if (!Identity::active_user()->admin && PHP_SAPI != "cli") {
 // Below, the active user is set to the primary admin.
- Access::forbidden();
+ throw HTTP_Exception::factory(403);
 }
 
 $current_provider = Module::get_var("gallery", "identity_provider");
diff --git a/modules/server_add/classes/ServerAdd/Controller/ServerAdd.php b/modules/server_add/classes/ServerAdd/Controller/ServerAdd.php
index d08c668f42..750625a6c0 100644
--- a/modules/server_add/classes/ServerAdd/Controller/ServerAdd.php
+++ b/modules/server_add/classes/ServerAdd/Controller/ServerAdd.php
@@ -117,7 +117,7 @@ public function action_run() {
 
 $task = ORM::factory("Task", $task_id);
 if (!$task->loaded() || $task->owner_id != Identity::active_user()->id) {
- Access::forbidden();
+ throw HTTP_Exception::factory(403);
 }
 
 $task = Task::run($task_id);
diff --git a/modules/user/classes/User/Controller/Admin/Users.php b/modules/user/classes/User/Controller/Admin/Users.php
index 58ca7db2a7..49c27f5a98 100644
--- a/modules/user/classes/User/Controller/Admin/Users.php
+++ b/modules/user/classes/User/Controller/Admin/Users.php
@@ -124,7 +124,7 @@ public function action_delete_user() {
 
 // You cannot delete yourself or the guest user.
 if ($id == Identity::active_user()->id || $id == User::guest()->id) {
- Access::forbidden();
+ throw HTTP_Exception::factory(403);
 }
 
 // Build the form.
diff --git a/modules/user/classes/User/Controller/Users.php b/modules/user/classes/User/Controller/Users.php
index 00de2ec255..cf4412cafb 100644
--- a/modules/user/classes/User/Controller/Users.php
+++ b/modules/user/classes/User/Controller/Users.php
@@ -26,7 +26,7 @@ public function action_edit() {
 $user_id = $this->request->arg(0, "digit");
 $user = User::lookup($user_id);
 if (empty($user) || $user->guest || $user->id != Identity::active_user()->id) {
- Access::forbidden();
+ throw HTTP_Exception::factory(403);
 }
 
 // Build the form.
@@ -83,7 +83,7 @@ public function action_change_password() {
 $user_id = $this->request->arg(0, "digit");
 $user = User::lookup($user_id);
 if (empty($user) || $user->guest || $user->id != Identity::active_user()->id) {
- Access::forbidden();
+ throw HTTP_Exception::factory(403);
 }
 
 $form = Formo::form()
@@ -140,7 +140,7 @@ public function action_change_email() {
 $user_id = $this->request->arg(0, "digit");
 $user = User::lookup($user_id);
 if (empty($user) || $user->guest || $user->id != Identity::active_user()->id) {
- Access::forbidden();
+ throw HTTP_Exception::factory(403);
 }
 
 $form = Formo::form()
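Review bot: The guard that ends in the new `throw HTTP_Exception::factory(403);` is now copied verbatim into `action_edit()`, `action_change_password()` (`@@ -83`) and `action_change_email()` (`@@ -140`) of `modules/user/classes/User/Controller/Users.php`: the same `arg(0, "digit")` lookup, the same `empty($user) || $user->guest || $user->id != Identity::active_user()->id` test, the same throw. An ownership check that exists three times is one that drifts, so a private helper returning the active user's own record or throwing keeps the three in step. Each of the three method bodies begins before its hunk, and the helper would sit beside them in this class.
```php
  /**
   * Look up the user named by request arg 0 and confirm it is the active, non-guest user.
   * Throws an HTTP 403 for a missing user, the guest user, or any other user's id.
   */
  protected function _own_user() {
    $user_id = $this->request->arg(0, "digit");
    $user = User::lookup($user_id);
    if (empty($user) || $user->guest || $user->id != Identity::active_user()->id) {
      throw HTTP_Exception::factory(403);
    }
    return $user;
  }

  public function action_edit() {
    $user = $this->_own_user();
    // … unchanged: form construction …
```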