This HTML5 document contains 33 embedded RDF statements represented using HTML+Microdata notation.

The embedded RDF content will be recognized by any processor of HTML5 Microdata.

PrefixNamespace IRI
n16http://ods.openlinksw.com/dataspace/person/dav#
dctermshttp://purl.org/dc/terms/
atomhttp://atomowl.org/ontologies/atomrdf#
n11http://docs.openlinksw.com/val/group__val__acl__module__internal__api.html#
n5http://ods.openlinksw.com/dataspace/owiki/wiki/
foafhttp://xmlns.com/foaf/0.1/
oplhttp://www.openlinksw.com/schema/attribution#
n18http://ods.openlinksw.com/dataspace/owiki#
dchttp://purl.org/dc/elements/1.1/
rdfshttp://www.w3.org/2000/01/rdf-schema#
n8http://rdfs.org/sioc/services#
n15http://ods.openlinksw.com/dataspace/owiki/wiki/ODS/VAL_HttpRestrictions/sioc.
n2http://ods.openlinksw.com/dataspace/owiki/wiki/ODS/
siocthttp://rdfs.org/sioc/types#
n20http://ods.openlinksw.com/dataspace/person/owiki#
rdfhttp://www.w3.org/1999/02/22-rdf-syntax-ns#
n13http://docs.openlinksw.com/val/val_configuration.html#
n7http://ods.openlinksw.com/dataspace/services/wiki/
xsdhhttp://www.w3.org/2001/XMLSchema#
n9http://ods.openlinksw.com/dataspace/dav#
siochttp://rdfs.org/sioc/ns#
n4http://docs.openlinksw.com/val/group__val__acl__module__http__api.
Subject Item
n16:this
foaf:made
n2:VAL_HttpRestrictions
Subject Item
n7:item
n8:services_of
n2:VAL_HttpRestrictions
Subject Item
n18:this
sioc:creator_of
n2:VAL_HttpRestrictions
Subject Item
n5:ODS
sioc:container_of
n2:VAL_HttpRestrictions
atom:entry
n2:VAL_HttpRestrictions
atom:contains
n2:VAL_HttpRestrictions
Subject Item
n2:ValQuickStartGuide
sioc:links_to
n2:VAL_HttpRestrictions
Subject Item
n2:VAL_HttpRestrictions
rdf:type
sioct:Comment atom:Entry
dcterms:created
2017-06-13T06:01:38.498840
dcterms:modified
2017-06-29T07:33:17.644702
rdfs:label
VAL_HttpRestrictions
foaf:maker
n16:this n20:this
dc:title
VAL_HttpRestrictions
opl:isDescribedUsing
n15:rdf
sioc:has_creator
n18:this n9:this
sioc:content
%META:TOPICPARENT{name="ValQuickStartGuide"}% ---+ HTTP Restrictions %TOC% ---++ Virtuoso Restriction Hook Virtuoso provides a hook procedure called <nowiki>DB.DBA.DBEV_RESTRICTIONS</nowiki> which, given a map of restriction names to their requested value ("min" or "max"), will return a set of mappings from restriction name to a vector containing the restriction type ("min" or "max"), the restriction value, and the optional service ID which triggered the restriction. If the latter is null then the restriction was triggered by the client IP address. Since March 19th, 2014 Virtuoso provides a second restrictions hook <nowiki>DB.DBA.DBEV_GET_CONNECTION_RESTRICTION</nowiki> which supports restriction parameters. Restriction parameters simply allow to divide one restricted resource into several restrictions. This is very useful in terms of HTTP as it allows to define different restrictions for different urls or virtual dirs. This hook is implemented in VAL and uses the ACL restriction system by prefixing every restriction name with <code>urn:virtuoso:restrictions:</code>. VAL's implementation will always choose the least restrictive value. That means given two max values, one via the IP address and one via the authenticated user, VAL will choose the higher value. The Restrictions can be controlled via the [[http://docs.openlinksw.com/val/group__val__acl__module__http__api.html][VAL ACL RESTful API]] or the [[http://docs.openlinksw.com/val/group__val__acl__module__internal__api.html#ga89b2c77c10c82186ddc0e7b46093123c][Internal VAL API]]. Alternatively one can directly add the restrictions to the private graph matching the realm in which the restrictions should apply. Given the default realm <code><nowiki>http://www.openlinksw.com/ontology/acl#DefaultRealm</nowiki></code> and default hostname <code>"HOST"</code> the graph IRI would be <code><nowiki>http://HOST/acl/graph/restrictions/http%3A%2F%2Fwww.openlinksw.com%2Fontology%2Facl%23DefaultRealm</nowiki></code> and the groups will be stored in named graph <code><nowiki>http://HOST/acl/graph/groups/http%3A%2F%2Fwww.openlinksw.com%2Fontology%2Facl%23DefaultRealm</nowiki></code>. Be aware that [[http://docs.openlinksw.com/val/val_configuration.html#val_configuration_acl_graphs][these graphs can be customized]] for better readability. ---++ HTTP Restriction Names Virtuoso uses two restrictions which can be controlled on an IP address level or via service IDs. These restrictions define "global" limits on all virtual dirs. 1 <code>urn:virtuoso:restrictions:http-request-rate</code> restricts the maximum request rate per second. 1 <code>urn:virtuoso:restrictions:http-content-size</code> restricts the maximum content size for requests If one wants to define restrictions only for a specific virtual dir or a specific URL then the above URNs need to be used as restriction parameters in restrictions on the url in question. See below for examples. ---+++ HTTP Restriction Examples ---++++ Global Http Restrictions ---+++++ Restrict the requests per second to 10 for everyone for every http request <verbatim> SPARQL PREFIX oplres: <http://www.openlinksw.com/ontology/restrictions#> PREFIX foaf: <http://xmlns.com/foaf/0.1/> WITH GRAPH <http://{HOST-CNAME}/acl/restrictions/groups/http%3A%2F%2Fwww.openlinksw.com%2Fontology%2Facl%23DefaultRealm> INSERT { <{REST-IRI}> a oplres:Restriction ; foaf:maker <{PERSON-WEBID}> ; foaf:name "Base line is 10 requests per second" ; oplres:hasMaxValue "10"^^xsd:decimal ; oplres:hasRestrictedResource <urn:virtuoso:restrictions:http-request-rate> ; oplres:hasAgentClass foaf:Agent ; oplres:hasRealm oplacl:DefaultRealm . }; </verbatim> ---+++++ Restrict the requests per second to 1000 for the intranet for every http request IP Address ranges are defined via conditional groups. Thus, we first define the conditional group which includes all IP addresses with a certain pattern: <verbatim> SPARQL PREFIX oplres: <http://www.openlinksw.com/ontology/restrictions#> PREFIX foaf: <http://xmlns.com/foaf/0.1/> WITH GRAPH <http://{HOST-CNAME}/acl/restrictions/groups/http%3A%2F%2Fwww.openlinksw.com%2Fontology%2Facl%23DefaultRealm> INSERT { <{GROUP-IRI}> a oplacl:ConditionalGroup ; foaf:maker <{PERSON-WEBID}> ; foaf:name "Internal Network" ; oplacl:hasCondition [ a oplacl:IPAddressCondition ; oplacl:hasIPAddressPattern "198.168..*" ] . }; </verbatim> And then we use this group in our restriction: <verbatim> SPARQL PREFIX oplres: <http://www.openlinksw.com/ontology/restrictions#> PREFIX foaf: <http://xmlns.com/foaf/0.1/> WITH GRAPH <http://{HOST-CNAME}/acl/restrictions/groups/http%3A%2F%2Fwww.openlinksw.com%2Fontology%2Facl%23DefaultRealm> INSERT { <{REST-IRI}> a oplres:Restriction ; foaf:maker <{PERSON-WEBID}> ; foaf:name "Intranet HTTP requests per second" ; oplres:hasMaxValue "1000"^^xsd:decimal ; oplres:hasRestrictedResource <urn:virtuoso:restrictions:http-request-rate> ; oplres:hasAgent <{GROUP-IRI}> ; oplres:hasRealm oplacl:DefaultRealm . }; </verbatim> ---++++ Virtual-Dir or URL-specific Http Restrictions ---+++++ Restrict the requests per second to 10 for everyone on one virtual dir The following restriction is scoped to all http requests on one virtual dir, i.e. /sparql. This means any request to pages in that virtual dir will be subject to the same restriction. This means that one client can make 10 requests in total on that virtual dir. <verbatim> SPARQL PREFIX oplres: <http://www.openlinksw.com/ontology/restrictions#> PREFIX foaf: <http://xmlns.com/foaf/0.1/> WITH GRAPH <http://{HOST-CNAME}/acl/restrictions/groups/http%3A%2F%2Fwww.openlinksw.com%2Fontology%2Facl%23DefaultRealm> INSERT { <{REST-IRI}> a oplres:Restriction ; foaf:maker <{PERSON-WEBID}> ; foaf:name "Base line is 10 requests per second" ; oplres:hasMaxValue "10"^^xsd:decimal ; oplres:hasRestrictedResource <http://linkeddata.uriburner.com/sparql> ; oplres:hasRestrictedParameter <urn:virtuoso:restrictions:http-request-rate> ; oplres:hasAgentClass foaf:Agent ; oplres:hasRealm oplacl:DefaultRealm . }; </verbatim> ---+++++ Restrict the requests per second on one specific URL The following restriction allows 1000 requests per second on one specific URL (given that there is no virtual dir which matches that URL). It uses the same conditional group as above. So in practice this restriction limits the rate on one specific ODS API call: <verbatim> SPARQL PREFIX oplres: <http://www.openlinksw.com/ontology/restrictions#> PREFIX foaf: <http://xmlns.com/foaf/0.1/> WITH GRAPH <http://{HOST-CNAME}/acl/restrictions/groups/http%3A%2F%2Fwww.openlinksw.com%2Fontology%2Facl%23DefaultRealm> INSERT { <{REST-IRI}> a oplres:Restriction ; foaf:maker <{PERSON-WEBID}> ; foaf:name "Intranet HTTP requests per second" ; oplres:hasMaxValue "1000"^^xsd:decimal ; oplres:hasRestrictedResource <http://web.ods.openlinksw.com/ods/api/user.info> ; oplres:hasRestrictedParameter <urn:virtuoso:restrictions:http-request-rate> ; oplres:hasAgent <{GROUP-IRI}> ; oplres:hasRealm oplacl:DefaultRealm . }; </verbatim>
sioc:id
19295341c06b95ac4e6ee7ce360eeaa6
sioc:link
n2:VAL_HttpRestrictions
sioc:has_container
n5:ODS
n8:has_services
n7:item
atom:title
VAL_HttpRestrictions
sioc:links_to
n4:html n11:ga89b2c77c10c82186ddc0e7b46093123c n13:val_configuration_acl_graphs
atom:source
n5:ODS
atom:author
n16:this
atom:published
2017-06-13T06:01:38Z
atom:updated
2017-06-29T07:33:17Z
sioc:topic
n5:ODS
Subject Item
n9:this
sioc:creator_of
n2:VAL_HttpRestrictions