I had a need to be able to only allow site collection admins to see some custom pages I had deployed into the _layouts directory.
Create a custom code behind class for your aspx that inherits from LayoutsPageBase.
Next, override the OnLoad method in your code behind and add the following code
if (!SPContext.Current.Web.UserIsSiteAdmin) SPUtility.HandleAccessDenied(new Exception("You need to be a site administrator to access this page."));
This will redirect the user to the built in SharePoint Access denied page, for consistency.