When using Smallrye health check, an endpoint like /q/health will be automatically added to the base URI. I would like to prevent someone ddossing this endpoint, so he cannot tear down databases or other services linked to this health check.
For customer endpoints, you can use the smallrye-fault-tolerance with @RateLimit annotation. But can this be used for automatic endpoints like /q/health as well? If not, what is the solution to prevent ddos like requests on the health endpoint?
That is not possible, at least not in a straightforward way. It would be possible to use the SmallRye Fault Tolerance programmatic API to implement a rate limit in a Vert.x Web handler (see e.g. quarkus.io/guides/reactive-routes#intercepting-http-requests), but perhaps the best for you would be to enable the dedicated management interface (quarkus.io/guides/management-interface-reference). Then, you will have the health endpoint on a completely different port, which doesn’t have to be exposed to public internet.
@Ladicek Ok, thanks for your explanation.