Does that 'someone' has direct access to Solr endpoint? Is that a right
thing to do in a first place?
But assuming they do (e.g. intranet), you could build on Jack's suggestion
and create a couple of query-handler end-points that are only different in
invariant raw count value. So, your default search goes to search10, your
25 results page goes to search25, etc.
Thanks guys. This is a problem with the front end not validating requests. I was hoping there might be a simple config value I could enter/change, rather than going the long process of migrating a proper fix all the way up to our production servers. Looks like not, but thx.