Safeguarding your Virtuoso-hosted SPARQL Endpoint
What?
Protecting Virtuoso-hosted SPARQL Endpoint.Why?
SPARQL endpoints are easy for random visitors to accidentally overload. Virtuoso allows you to secure your SPARQL endpoint against such abuses in various ways.How?
The following section should be added to the Virtuoso configuration file (e.g., /opt/virtuoso/database/virtuoso.ini) to safeguard your SPARQL endpoint against excessive usage:
[SPARQL]
MaxCacheExpiration = 1 ; Cache Expiration time in seconds; overrides Sponger's default cache invalidation scheme
ExternalQuerySource = 1
ExternalXsltSource = 1
ResultSetMaxRows = 100000
;DefaultGraph = http://demo.openlinksw.com/dataspace/person/demo
MaxQueryCostEstimationTime = 10000 ; in seconds
MaxQueryExecutionTime = 30 ; in seconds
;ImmutableGraphs = http://unknown:8890/dataspace
;PingService = http://rpc.pingthesemanticweb.com/
DefaultQuery = SELECT DISTINCT ?URI ?ObjectType WHERE { ?URI a ?ObjectType } LIMIT 50
DeferInferenceRulesInit = 1 ; Defer loading of inference rules at start up
Details about these settings can be found in the SPARQL Configuration File section of the Virtuoso Online Documentation.
The "DeferInferenceRulesInit = 1" setting is particularly important when hosting large RDF data sets such as DBpedia, as it defers the load of the inference rules (which can take quite some time -- up to an hour!) until after basic server start-up.
Virtuoso Web Services ACLs can also be used to limit access to the SPARQL endpoint.
Related
- SPARQL Endpoint Protection Methods Collection
- Virtuoso documentation
- Virtuoso Tips and Tricks Collection
- SPARUL over SPARQL using the http://cname:port/sparql-auth endpoint
- Virtuoso Authentication Server UI
- Manage a SPARQL-WebID based Endpoint
- Configure Virtuoso instance as an X.509 Certificate Authority and HTTPS listener
- Configure Virtuoso+ODS instance as an X.509 Certificate Authority and HTTPS listener
- WebID Protocol Support in OpenLink Data Spaces.
- Manage ODS Datadspaces Objects WebID? Access Control Lists (ACLs):
- Guide for Set up a X.509 certificate issuer and HTTPS listener and generate ODS user certificates.
- Setting up PubSubHub in ODS
- PubSubHubBub Demo Client Example
- Feed subscription via PubSubHub protocol Example
- Setting Up PubSubHub to use WebID Protocol or IP based control lists
- CA Keys Import using Conductor
- Generate an X.509 Certificate hosted WebID Guide
- Generate an X.509 Certificate (with a WebID watermark) to be managed by host operating system keystore
- Generate an X.509 Certificate (with a WebID watermark) to be managed by a browser-based keystore
- Using Virtuoso's WebID Verification Proxy Service with a WebID-bearing X.509 certificate
- Using Virtuoso's WebID Identity Provider (IdP) Proxy Service with an X.509 certificate
- ODS Briefcase WebID Protocol Share File Guide
- WebID Protocol Specification
- Test WebID Protocol Certificate page
- WebID Protocol Certificate Generation page
CategoryVirtuoso CategoryHowTo CategorySPARQL CategoryOAuth CategoryFOAFSSL CategoryDocumentation CategoryTutorial