I recommend you tail the Tomcat logs to capture normal operations of the POST and GET requests, then add that to your WAF rule set; anything outside that, block/notify.
This can be as simple as copying the log syntax and adding it to the WAF. I use firewalld and iptables also. You can actually make it so that guacd and MySQL only talk to each other if a certificate (PKI) is validated between each other. I would also run the SQL security script (mysql_secure_installation) to lock down the database. Also, if you haven't done this yet, add a password to the MySQL core database (you'd be surprised how many forget).

Hope this helps.
Thank you
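The baselining step suggested in the message above, as an added example that is not part of the original post: it learns the method and path pairs seen in a known-good Tomcat access log and reports any later request outside that set, which is the list you would then turn into WAF allow rules. It assumes the AccessLogValve `common` pattern; the function names, the path normalization and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumed log layout: Tomcat AccessLogValve "common" pattern (%h %l %u %t "%r" %s %b)
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')

def normalize(target):
    """Drop the query string and collapse numeric / long hex path segments."""
    segs = []
    for seg in target.split("?", 1)[0].split("/"):
        if seg.isdigit():
            seg = "{num}"
        elif re.fullmatch(r"[0-9A-Fa-f]{32,}", seg):
            seg = "{hex}"
        segs.append(seg)
    return "/".join(segs)

def parse(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    host, method, target, status = m.groups()
    return host, method.upper(), normalize(target), int(status)

def build_allowlist(lines, min_hits=1):
    """Learn (method, path) pairs from known-good traffic; error responses are ignored."""
    counts = Counter()
    for line in lines:
        rec = parse(line)
        if rec and rec[3] < 400:
            counts[(rec[1], rec[2])] += 1
    return {pair for pair, n in counts.items() if n >= min_hits}

def check(lines, allowlist):
    """Return (host, method, path) for every request outside the baseline."""
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            alerts.append((None, "UNPARSED", line.strip()))
        elif (rec[1], rec[2]) not in allowlist:
            alerts.append(rec[:3])
    return alerts

# Constructed sample lines, not taken from a real server.
BASELINE = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /guacamole/ HTTP/1.1" 200 1234',
    '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "POST /guacamole/api/tokens HTTP/1.1" 200 310',
    '10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET /guacamole/api/session/data/mysql/connections/1?x=1 HTTP/1.1" 200 220',
    '10.0.0.5 - - [01/Jan/2024:10:00:03 +0000] "GET /guacamole/admin.jsp HTTP/1.1" 404 0',
]
LIVE = [
    '10.0.0.9 - - [02/Jan/2024:09:00:00 +0000] "GET /guacamole/api/session/data/mysql/connections/7 HTTP/1.1" 200 220',
    '10.0.0.9 - - [02/Jan/2024:09:00:01 +0000] "PUT /guacamole/api/tokens HTTP/1.1" 405 0',
    '10.0.0.9 - - [02/Jan/2024:09:00:02 +0000] "GET /guacamole/admin.jsp HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for alert in check(LIVE, build_allowlist(BASELINE)):
        print("outside baseline:", alert)
```

Review the learned set by hand before converting it to rules, since anything present in the baseline window is treated as normal.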
