• Topic
  • Discussion
  • VOS.VirtSPARQLEndpointProtection(Last) -- DAVWikiAdmin? , 2017-06-29 07:39:59 Edit WebDAV System Administrator 2017-06-29 03:39:59

    Safeguarding your Virtuoso-hosted SPARQL Endpoint

    What?

    Protecting Virtuoso-hosted SPARQL Endpoint.

    Why?

    SPARQL endpoints are easy for random visitors to accidentally overload. Virtuoso allows you to secure your SPARQL endpoint against such abuses in various ways.

    How?

    The following section should be added to the Virtuoso configuration file (e.g., /opt/virtuoso/database/virtuoso.ini) to safeguard your SPARQL endpoint against excessive usage:


    [SPARQL]
    MaxCacheExpiration         = 1    ; Cache Expiration time in seconds; overrides Sponger's default cache invalidation scheme
    ExternalQuerySource        = 1
    ExternalXsltSource         = 1
    ResultSetMaxRows           = 100000
    ;DefaultGraph               = http://demo.openlinksw.com/dataspace/person/demo
    MaxQueryCostEstimationTime = 10000    ; in seconds
    MaxQueryExecutionTime      = 30    ; in seconds
    ;ImmutableGraphs            = http://unknown:8890/dataspace
    ;PingService                = http://rpc.pingthesemanticweb.com/
    DefaultQuery               = SELECT DISTINCT ?URI ?ObjectType WHERE { ?URI a ?ObjectType } LIMIT 50
    DeferInferenceRulesInit    = 1  ;  Defer loading of inference rules at start up
    

    Details about these settings can be found in the SPARQL Configuration File section of the Virtuoso Online Documentation.

    The "DeferInferenceRulesInit = 1" setting is particularly important when hosting large RDF data sets such as DBpedia, as it defers the load of the inference rules (which can take quite some time -- up to an hour!) until after basic server start-up.

    Virtuoso Web Services ACLs can also be used to limit access to the SPARQL endpoint.

    Related

    CategoryVirtuoso CategoryHowTo CategorySPARQL CategoryOAuth CategoryFOAFSSL CategoryDocumentation CategoryTutorial