Safeguarding your Virtuoso-hosted SPARQL Endpoint

What?

Protecting Virtuoso-hosted SPARQL Endpoint.

Why?

SPARQL endpoints are easy for random visitors to accidentally overload. Virtuoso allows you to secure your SPARQL endpoint against such abuses in various ways.

How?

The following section should be added to the Virtuoso configuration file (e.g., /opt/virtuoso/database/virtuoso.ini) to safeguard your SPARQL endpoint against excessive usage:


[SPARQL]
MaxCacheExpiration         = 1    ; Cache Expiration time in seconds; overrides Sponger's default cache invalidation scheme
ExternalQuerySource        = 1
ExternalXsltSource         = 1
ResultSetMaxRows           = 100000
;DefaultGraph               = http://demo.openlinksw.com/dataspace/person/demo
MaxQueryCostEstimationTime = 10000    ; in seconds
MaxQueryExecutionTime      = 30    ; in seconds
;ImmutableGraphs            = http://unknown:8890/dataspace
;PingService                = http://rpc.pingthesemanticweb.com/
DefaultQuery               = SELECT DISTINCT ?URI ?ObjectType WHERE { ?URI a ?ObjectType } LIMIT 50
DeferInferenceRulesInit    = 1  ;  Defer loading of inference rules at start up

Details about these settings can be found in the SPARQL Configuration File section of the Virtuoso Online Documentation.

The "DeferInferenceRulesInit = 1" setting is particularly important when hosting large RDF data sets such as DBpedia, as it defers the load of the inference rules (which can take quite some time -- up to an hour!) until after basic server start-up.

Virtuoso Web Services ACLs can also be used to limit access to the SPARQL endpoint.

Related

CategoryVirtuoso CategoryHowTo CategorySPARQL CategoryOAuth CategoryFOAFSSL CategoryDocumentation CategoryTutorial