diff --git a/nginx-ingress/entrypoint.sh b/nginx-ingress/entrypoint.sh
index 8bcdeb5..5adaad5 100644
--- a/nginx-ingress/entrypoint.sh
+++ b/nginx-ingress/entrypoint.sh
@@ -1,5 +1,9 @@
 #!/bin/sh
 
+if [[ $ACS_PLATFORM_URL ]]; then
+  sed -i s%http:\/\/platform:8080%"$REPO_URL"%g /etc/nginx/nginx.conf
+fi
+
 if [[ $ACCESS_LOG ]]; then
   sed -i s%\#ENV_ACCESS_LOG%"access_log $ACCESS_LOG;"%g /etc/nginx/nginx.conf
 fi
diff --git a/nginx-ingress/nginx.conf b/nginx-ingress/nginx.conf
index c8aac96..0bbab22 100644
--- a/nginx-ingress/nginx.conf
+++ b/nginx-ingress/nginx.conf
@@ -24,5 +24,28 @@ http {
         proxy_set_header X-Real-IP       $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_pass_header Set-Cookie;
+        
+        # Protect access to SOLR APIs
+        location ~ ^(/.*/service/api/solr/.*)$ {return 403;}
+        location ~ ^(/.*/s/api/solr/.*)$ {return 403;}
+        location ~ ^(/.*/wcservice/api/solr/.*)$ {return 403;}
+        location ~ ^(/.*/wcs/api/solr/.*)$ {return 403;}
+
+        location ~ ^(/.*/proxy/alfresco/api/solr/.*)$ {return 403 ;}
+        location ~ ^(/.*/-default-/proxy/alfresco/api/.*)$ {return 403;}
+        
+        # Protect access to Prometheus endpoint
+        location ~ ^(/.*/s/prometheus)$ {return 403;}
+        
+        location / {
+            proxy_pass http://platform:8080;
+        }
+
+        location /alfresco/ {
+            proxy_pass http://platform:8080;
+
+            # If using external proxy / load balancer (for initial redirect if no trailing slash)
+            absolute_redirect off;
+        }
     }
 }