diff --git a/src/authorization/DenyAllAuthorizer.ts b/src/authorization/DenyAllAuthorizer.ts
new file mode 100644
index 000000000..93cb26417
--- /dev/null
+++ b/src/authorization/DenyAllAuthorizer.ts
@@ -0,0 +1,11 @@
+import { ForbiddenHttpError } from '../util/errors/ForbiddenHttpError';
+import { Authorizer } from './Authorizer';
+
+/**
+ * An authorizer that rejects all requests.
+ */
+export class DenyAllAuthorizer extends Authorizer {
+  public async handle(): Promise<never> {
+    throw new ForbiddenHttpError();
+  }
+}
diff --git a/src/index.ts b/src/index.ts
index 80c039132..c0cd695ad 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -12,6 +12,7 @@ export * from './authorization/AllowAllAuthorizer';
 export * from './authorization/Authorization';
 export * from './authorization/Authorizer';
 export * from './authorization/AuxiliaryAuthorizer';
+export * from './authorization/DenyAllAuthorizer';
 export * from './authorization/WebAclAuthorization';
 export * from './authorization/WebAclAuthorizer';
 
diff --git a/test/unit/authorization/DenyAllAuthorizer.test.ts b/test/unit/authorization/DenyAllAuthorizer.test.ts
new file mode 100644
index 000000000..730d7095e
--- /dev/null
+++ b/test/unit/authorization/DenyAllAuthorizer.test.ts
@@ -0,0 +1,14 @@
+import { DenyAllAuthorizer } from '../../../src/authorization/DenyAllAuthorizer';
+import { ForbiddenHttpError } from '../../../src/util/errors/ForbiddenHttpError';
+
+describe('A DenyAllAuthorizer', (): void => {
+  const authorizer = new DenyAllAuthorizer();
+
+  it('can handle all requests.', async(): Promise<void> => {
+    await expect(authorizer.canHandle({} as any)).resolves.toBeUndefined();
+  });
+
+  it('rejects all requests.', async(): Promise<void> => {
+    await expect(authorizer.handle()).rejects.toThrow(ForbiddenHttpError);
+  });
+});