diff --git a/CHANGELOG.md b/CHANGELOG.md index a4881ea..721b8e9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,13 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), chronology things are added/fixed/changed and - where possible - links to the PRs involved. ### Changes +[XENOPS-1164] date: 10 May 2024 +* remove defaultBackend from ingress rules, this should not be set by individual namespace resources +* defaultBackend will point to new nginx-default-service providing 404 if page not found. +* defaultBackend will be mapped to default ingress root path for the alfresco host only + + + [XENOPS-1161] * change liveness probe threshold to trigger after readiness probe failure to avoid looping restarts on slow systems diff --git a/README.md b/README.md index 57b19e1..6274dad 100644 --- a/README.md +++ b/README.md @@ -257,6 +257,7 @@ For more information take a look at * Required: false * Default: None +* Remark: Do not use this to set the root`/` path, that should be set by the defaultBackend * Example: ```yaml @@ -274,7 +275,7 @@ For more information take a look at #### `ingress.defaultBackend.service` * Required: true -* Default: acs-service +* Default: nginx-default-service * Description: the default service name that ingress will point to #### `ingress.defaultBackend.port` @@ -288,6 +289,8 @@ For more information take a look at * Required: false * Default: `true` * Description: Enable 403 handler for alfresco api solr endpoints + + #### `ingress.blockAcsSolrApi.paths` * Required: false diff --git a/xenit-alfresco/templates/ingress/alfresco-ingress.yaml b/xenit-alfresco/templates/ingress/alfresco-ingress.yaml index 75ff7cf..a0e1667 100644 --- a/xenit-alfresco/templates/ingress/alfresco-ingress.yaml +++ b/xenit-alfresco/templates/ingress/alfresco-ingress.yaml 
@@ -20,15 +20,19 @@ spec: # Provide a unique secret to store the SSL credentials secretName: tls-alfresco-{{ .Release.Name }}-secret {{- end }} - defaultBackend: - service: - name: {{ .Values.ingress.defaultBackend.service }} - port: - number: {{ .Values.ingress.defaultBackend.port }} rules: - host: {{ required "A host where your alfresco services can be reached on must be specified in values.ingress.host" .Values.ingress.host }} http: paths: + {{- if .Values.ingress.defaultBackend }} + - path: / + pathType: Prefix + backend: + service: + name: {{ .Values.ingress.defaultBackend.service }} + port: + number: {{ .Values.ingress.defaultBackend.port }} + {{- end }} {{- if .Values.acs.ingress.enabled }} - path: /alfresco pathType: Prefix @@ -71,7 +75,7 @@ spec: pathType: Prefix backend: service: - name: nginx-403-service + name: nginx-default-service port: number: 30403 {{- end }} diff --git a/xenit-alfresco/templates/ingress/nginx-403-config.yaml b/xenit-alfresco/templates/ingress/nginx-403-config.yaml deleted file mode 100644 index 6cdec18..0000000 --- a/xenit-alfresco/templates/ingress/nginx-403-config.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if .Values.ingress.blockAcsSolrApi.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: nginx-403-configmap - namespace: {{ .Release.Namespace | quote }} - labels: - app: nginx-403 -data: - nginx.conf: | - worker_processes 1; - - events { - worker_connections 1024; - } - http{ - server { - listen 80; - server_name _; - - location / { - return 403 'Forbidden'; - } - } - } -{{- end }} diff --git a/xenit-alfresco/templates/ingress/nginx-default-config.yaml b/xenit-alfresco/templates/ingress/nginx-default-config.yaml new file mode 100644 index 0000000..16b2364 --- /dev/null +++ b/xenit-alfresco/templates/ingress/nginx-default-config.yaml 
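Review bot: The new `{{- if .Values.ingress.defaultBackend }}` guard only tests that the map exists, so an override that leaves `service` or `port` empty still renders the `path: /` rule with a blank backend name or port number. The host line just above already uses `required`, and the same pattern fits here, e.g. `name: {{ required "values.ingress.defaultBackend.service must be set" .Values.ingress.defaultBackend.service }}`. Because the rule is a `Prefix` match on `/`, the configured service receives every request on the alfresco host that no more specific path claims. A template comment saying so would help, since pointing it at an application service would expose all of that service's paths. The `paths:` list continues past this hunk, so its interaction with later entries is not visible here.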
@@ -0,0 +1,33 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: nginx-default-configmap + namespace: {{ .Release.Namespace | quote }} + labels: + app: nginx-default +data: + nginx.conf: | + worker_processes 1; + + events { + worker_connections 1024; + } + http{ + log_format xenit_json escape=json '{ "time":"$time_iso8601","timestamp":$msec,"responseStatus":$status,"type":"access","requestTime":"$request_time","requestMethod":"$request_method","remoteAddr":"$remote_addr","requestUri":"$request" }'; + access_log /var/log/nginx/access.log xenit_json; + server { + listen 80; + server_name _; + {{- if .Values.ingress.blockAcsSolrApi.enabled -}} + {{- range $.Values.ingress.blockAcsSolrApi.paths }} + location {{ . }} { + return 403 'Forbidden'; + } + {{- end }} + {{- end }} + location / { + return 404 'Sorry, this page is not served here.'; + } + } + } + diff --git a/xenit-alfresco/templates/ingress/nginx-403-deployment.yaml b/xenit-alfresco/templates/ingress/nginx-default-deployment.yaml similarity index 74% rename from xenit-alfresco/templates/ingress/nginx-403-deployment.yaml rename to xenit-alfresco/templates/ingress/nginx-default-deployment.yaml index 300ff35..fd188b0 100644 --- a/xenit-alfresco/templates/ingress/nginx-403-deployment.yaml +++ b/xenit-alfresco/templates/ingress/nginx-default-deployment.yaml @@ -1,20 +1,19 @@ -{{- if .Values.ingress.blockAcsSolrApi.enabled -}} apiVersion: apps/v1 kind: Deployment metadata: - name: nginx-403 + name: nginx-default namespace: {{ .Release.Namespace | quote }} labels: - app: nginx-403 + app: nginx-default spec: replicas: 1 selector: matchLabels: - app: nginx-403 + app: nginx-default template: metadata: labels: - app: nginx-403 + app: nginx-default spec: containers: - name: nginx @@ -28,5 +27,4 @@ spec: volumes: - name: config-volume configMap: - name: nginx-403-configmap -{{- end }} \ No newline at end of file + name: nginx-default-configmap \ No newline at end of file 
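Review bot: The `xenit_json` access log is the main record of requests that reach the blocked Solr API paths or the 404 fallback, but it logs `$remote_addr`, which behind an ingress controller will normally be the controller's address rather than the client's. Adding a field such as `"forwardedFor":"$http_x_forwarded_for"` to the `log_format` line would keep the originating address available for triage. The same line logs `$request`, the full request line including the query string, so any credential a client passes as a query parameter would be written to the log; `$uri` is the safer field if the query is not needed. Separately, `location {{ . }} {` writes each `blockAcsSolrApi.paths` entry into nginx.conf unquoted, so an entry containing whitespace, `;` or `{` would alter or break the server block that also serves the default 404. `location {{ . | quote }} {` would avoid that.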
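Review bot: The pod template in nginx-default-deployment.yaml shows only `labels` under `template.metadata`, so nothing ties the pod to the contents of `nginx-default-configmap`. nginx reads nginx.conf at start-up, so a later change to `blockAcsSolrApi.paths` would update the ConfigMap while the running pod keeps serving the old `location` list until it is restarted. A checksum annotation on the pod template would roll the pod whenever the config changes, e.g. `checksum/config: {{ include (print $.Template.BasePath "/ingress/nginx-default-config.yaml") . | sha256sum }}`. Lines 21-27 of the file are outside the hunks, so confirm no equivalent mechanism already exists there.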
diff --git a/xenit-alfresco/templates/ingress/nginx-403-service.yaml b/xenit-alfresco/templates/ingress/nginx-default-service.yaml similarity index 71% rename from xenit-alfresco/templates/ingress/nginx-403-service.yaml rename to xenit-alfresco/templates/ingress/nginx-default-service.yaml index 9db6591..dc04896 100644 --- a/xenit-alfresco/templates/ingress/nginx-403-service.yaml +++ b/xenit-alfresco/templates/ingress/nginx-default-service.yaml @@ -1,17 +1,15 @@ -{{- if .Values.ingress.blockAcsSolrApi.enabled -}} apiVersion: v1 kind: Service metadata: - name: nginx-403-service + name: nginx-default-service namespace: {{ .Release.Namespace | quote }} spec: {{- if .Values.general.serviceType }} type: {{ .Values.general.serviceType }} {{- end }} selector: - app: nginx-403 + app: nginx-default ports: - port: 30403 targetPort: 80 protocol: TCP -{{- end }} \ No newline at end of file diff --git a/xenit-alfresco/values.yaml b/xenit-alfresco/values.yaml index 785ac4e..357a48b 100644 --- a/xenit-alfresco/values.yaml +++ b/xenit-alfresco/values.yaml @@ -24,8 +24,8 @@ ingress: kubernetes.io/ingress.class: "nginx" cert-manager.io/cluster-issuer: "letsencrypt-production" defaultBackend: - service: acs-service - port: 30000 + service: nginx-default-service + port: 30403 blockAcsSolrApi: enabled: true paths: