%META:TOPICPARENT{name="VOSIndex"}%
---+ Safeguarding your Virtuoso-hosted SPARQL Endpoint
---++What?
Protecting Virtuoso-hosted SPARQL Endpoint.
---++Why?
SPARQL endpoints are easy for random visitors to accidentally overload. Virtuoso allows you to secure your SPARQL endpoint against such abuses in various ways.
---++How?
The following section should be added to the Virtuoso configuration file
(e.g., /opt/virtuoso/database/virtuoso.ini
) to safeguard your SPARQL
endpoint against excessive usage:
[SPARQL]
MaxCacheExpiration = 1 ; Cache Expiration time in seconds; overrides Sponger's default cache invalidation scheme
ExternalQuerySource = 1
ExternalXsltSource = 1
ResultSetMaxRows = 100000
;DefaultGraph = http://demo.openlinksw.com/dataspace/person/demo
MaxQueryCostEstimationTime = 10000 ; in seconds
MaxQueryExecutionTime = 30 ; in seconds
;ImmutableGraphs = http://unknown:8890/dataspace
;PingService = http://rpc.pingthesemanticweb.com/
DefaultQuery = SELECT DISTINCT ?URI ?ObjectType WHERE { ?URI a ?ObjectType } LIMIT 50
DeferInferenceRulesInit = 1 ; Defer loading of inference rules at start up
Details about these settings can be found in
the [[http://docs.openlinksw.com/virtuoso/dbadm.html#ini_SPARQL][SPARQL
Configuration File section]] of the
[[http://docs.openlinksw.com/virtuoso/][Virtuoso Online Documentation]].
The "DeferInferenceRulesInit = 1
"
setting is particularly important when hosting large RDF data sets such as DBpedia, as
it defers the load of the inference rules (which can take quite some time -- up to
an hour!) until after basic server start-up.
Virtuoso [[http://docs.openlinksw.com/virtuoso/wsacl.html][Web Services ACLs]] can
also be used to limit access to the SPARQL endpoint.
---++Related
* [[VirtTipsAndTricksGuideSPARQLEndpointProtection][SPARQL Endpoint Protection Methods Collection]]
* [[http://docs.openlinksw.com/virtuoso/][Virtuoso documentation]]
* [[http://docs.openlinksw.com/virtuoso/rdfsparql.html#rdfsupportedprotocolendpoint][SPARQL Service Endpoint]]
* [[http://docs.openlinksw.com/virtuoso/rdfsparql.html#rdfsupportedprotocolendpointuri][Service Endpoint Security]]
* [[http://docs.openlinksw.com/virtuoso/rdfsparql.html#sparqwebservicetbl][Managing a SPARQL Web Service Endpoint]]
* [[http://docs.openlinksw.com/virtuoso/rdfsparql.html][SPARQL]]
* [[VirtTipsAndTricksGuide][Virtuoso Tips and Tricks Collection]]
* [[VirtSPARQLDET][SPARQL Endpoint DET Configuration Guide]]
* [[VirtSPARQLSecurityWebID][WebID Protocol & SPARQL Endpoint ACLs Tutorial]]
* [[VirtOAuthSPARQL][SPARQL OAuth Tutorial]]
* [[VirtTipsAndTricksGuideSPARQLEndpoints][Securing SPARQL endpoints]]
* [[http://ods.openlinksw.com/wiki/ODS/OdsSPARQLAuth][SPARUL over SPARQL using the http://cname:port/sparql-auth endpoint]]
* [[VirtAuthServerUI][Virtuoso Authentication Server UI]]
* [[VirtSPARQLSSL][Manage a SPARQL-WebID based Endpoint]]
* [[VirtSetupSSL][Configure Virtuoso instance as an X.509 Certificate Authority and HTTPS listener]]
* [[http://ods.openlinksw.com/wiki/ODS/ODSSetupSSL][Configure Virtuoso+ODS instance as an X.509 Certificate Authority and HTTPS listener]]
* [[http://ods.openlinksw.com/wiki/ODS/VirtODSSecurityWebID][WebID Protocol Support in OpenLink Data Spaces]].
* Manage ODS Datadspaces Objects WebID Access Control Lists (ACLs):
* [[http://ods.openlinksw.com/wiki/ODS/ODSBriefcaseWebID][ODS Briefcase WebID based ACL Guide]]
* [[http://ods.openlinksw.com/wiki/ODS/ODSBriefcaseWebIDPerson][Person Entity WebID based ACL Guide]]
* [[http://ods.openlinksw.com/wiki/ODS/ODSBriefcaseWebIDGroup][Group Entity WebID based ACL Guide]]
* [[http://ods.openlinksw.com/wiki/ODS/ODSBriefcaseWebIDPublic][Public WebID based ACL Guide]]
* [[http://ods.openlinksw.com/wiki/ODS/ODSFeedManagerWebIDACL][ODS Feed Manager WebID based ACL Guide]]
* [[http://ods.openlinksw.com/wiki/ODS/ODSFeedManagerWebIDACLPerson][Person Entity Specific ACL]]
* [[http://ods.openlinksw.com/wiki/ODS/ODSFeedManagerWebIDACLGroup][Group Entity Specific ACL]]
* [[http://ods.openlinksw.com/wiki/ODS/ODSFeedManagerWebIDACLPublic][Public Specific ACL for anyone with a WebID]]
* [[http://ods.openlinksw.com/wiki/ODS/ODSCalendarWebIDACL][ODS Calendar WebID based ACL Guide]]
* [[http://ods.openlinksw.com/wiki/ODS/ODSCalendarWebIDACLPerson][Person Entity Specific ACL]]
* [[http://ods.openlinksw.com/wiki/ODS/ODSCalendarWebIDACLGroup][Group Entity Specific ACL]]
* [[http://ods.openlinksw.com/wiki/ODS/ODSCalendarWebIDACLPublic][Public Specific ACL for anyone with a WebID]]
* [[http://ods.openlinksw.com/wiki/ODS/ODSBookmarksWebIDACL][ODS Bookmark Manager WebID based ACL Guide]]
* [[http://ods.openlinksw.com/wiki/ODS/ODSBookmarksWebIDACLPerson][Person Entity Specific ACL]]
* [[http://ods.openlinksw.com/wiki/ODS/ODSBookmarksWebIDACLGroup][Group Entity Specific ACL]]
* [[http://ods.openlinksw.com/wiki/ODS/ODSBookmarksWebIDACLPublic][Public Specific ACL for anyone with a WebID]]
* [[http://ods.openlinksw.com/wiki/ODS/ODSAddressBookWebIDACL][ODS Addressbook WebID based ACL Guide]]
* [[http://ods.openlinksw.com/wiki/ODS/ODSAddressBookWebIDACLPerson][Person Entity Specific ACL]]
* [[http://ods.openlinksw.com/wiki/ODS/ODSAddressBookWebIDACLGroup][Group Entity Specific ACL]]
* [[http://ods.openlinksw.com/wiki/ODS/ODSAddressBookWebIDACLPublic][Public Specific ACL for anyone with a WebID]]
* [[http://ods.openlinksw.com/wiki/ODS/ODSPkiSetup][Guide for Set up a X.509 certificate issuer and HTTPS listener and generate ODS user certificates.]]
* [[http://ods.openlinksw.com/wiki/ODS/VirtODSPubSubHub][Setting up PubSubHub in ODS]]
* [[http://ods.openlinksw.com/wiki/ODS/VirtPubSubHub][PubSubHubBub Demo Client Example]]
* [[http://ods.openlinksw.com/wiki/ODS/VirtFeedPubSubHub][Feed subscription via PubSubHub protocol Example ]]
* [[http://ods.openlinksw.com/wiki/ODS/VirtPubSubHubACL][Setting Up PubSubHub to use WebID Protocol or IP based control lists]]
* [[http://ods.openlinksw.com/wiki/ODS/OdsKeyImport][CA Keys Import using Conductor]]
* [[http://ods.openlinksw.com/wiki/ODS/ODSGenerateX509Certificate][Generate an X.509 Certificate hosted WebID Guide]]
* [[http://ods.openlinksw.com/wiki/ODS/ODSGenerateWebIDX509CertOSKeystore][Generate an X.509 Certificate (with a WebID watermark) to be managed by host operating system keystore]]
* [[http://ods.openlinksw.com/wiki/ODS/ODSGenerateWebIDX509CertBrsKeystore][Generate an X.509 Certificate (with a WebID watermark) to be managed by a browser-based keystore]]
* [[http://ods.openlinksw.com/wiki/ODS/ODSWebIDIdP][Using Virtuoso's WebID Verification Proxy Service with a WebID-bearing X.509 certificate]]
* [[http://ods.openlinksw.com/wiki/ODS/ODSWebIDIdpProxy][Using Virtuoso's WebID Identity Provider (IdP) Proxy Service with an X.509 certificate]]
* [[http://ods.openlinksw.com/wiki/ODS/ODSBriefcaseWebIDShareFile][ODS Briefcase WebID Protocol Share File Guide]]
* [[http://esw.w3.org/topic/foaf+ssl][WebID Protocol Specification]]
* [[https://foaf.me/simpleLogin.php][Test WebID Protocol Certificate page]]
* [[http://test.foafssl.org/cert/][WebID Protocol Certificate Generation page]]
CategoryVirtuoso CategoryHowTo CategorySPARQL CategoryOAuth CategoryFOAFSSL CategoryDocumentation CategoryTutorial