Configuring multiple categories
There is a checkbox in the designated property page, called "For URL filtering, apply to non-primary
categorizations". When checked, all categories returned for the queried URL will be considered by the
appropriate policy element during policy evaluation.
Note: The default configuration for these elements is to apply the primary category only (as in previous
For example, assume that the URL www.contoso.com is categorized by MRS as Alcohol, Streaming
Media and News:
The exclamation mark icon indicates the category that Forefront TMG has determined as the primary
category, and the check mark icons indicate the non-primary categorizations.
Assume also that we have a rule denying access to Alcohol, News and Streaming media URL categories.
Now let's see how the rule engine outcome changes according to the new functionality and different
categories in the list:
URL Categories in a rule Is non-primary categorization Will the rule match?
Alcohol Both Yes and No (Alcohol is the Yes
primary category and isn't affected
by the new functionality)
News No No
News Yes Yes (Logged as News)
Streaming Media and News Yes Yes (Logged as Streaming Media)
Alcohol and Streaming Media Yes Yes (Logged as Alcohol)
Each Forefront TMG element dealing with multiple categories may match a different category. For
example, if destination exceptions in malware inspection contain News category and exceptions in HTTPS
outbound inspection contain Streaming Media category, a request to www.contoso.com would both be
excluded from malware inspection and HTTPS outbound inspection.
Logging and Reporting
When you include non-primary categorizations, there is an effect on logging and reporting. Instead of
logging the primary category, Forefront TMG logs the category that appears in both matched rule and
MRS result that has the highest place in the precedence list. For example, if the matched rule contains a list
of categories including News, Sports and Travel categories and the requested URL was categorized as
News, Travel and Chat, the logged category would be the most significant of News and Travel (which is
Travel). Reporting utilizes logged categories, so according to multiple categories configuration state,
reported categories may vary for the same traffic logged with or without non-primary categorizations.
URL categories applied to malware inspection and HTTPS outbound inspection aren't logged.