Is there a guide or document that explains the default rule set in detail? I do understand how it works, but I am puzzled by some specifics (like some of the "Handle Special Sites" rules).
Not really, I created a guide which talks about the evolution of it. https://community.mcafee.com/docs/DOC-3348
But specifically the Handle Special Sites is for sites that are special. Like Microsoft updates, or other odd sites that we've seen cause issues. It is also a good place to change chunk encoding settings or change use of persistent connections.
Thanks Jon. I've read the other document, but it doesn't go into the details very much. Most of the rules are self-explanatory. But some are not. For example, in the special sites rules is one that only hits in the response cycle and uses a "response whitelist". It contains some regex and seems to handle streaming sites. Not sure what that does.
Also, there are rules to whitelist special update servers and things like that, but the lists are empty. It would be nice if there was a guide on what special update servers are and why they are supposed to be whitelisted.
Stuff like that. In general, the default ruleset deserves better documentation, especially for new users, who will most probably start with the default ruleset and build up from there.