May I not so humbly suggest a different approach that you need to take and rapidly. You CANNOT re-write functional URL into non-functional URLs, that's simply a non-starter. But, you can detect non-SSL URLs and offer a redirect off the the forum so that user's get to deal with the "insecure" non-SSL sites themselves at their own choice. That is, if a URL is properly SSL, let it behave normally on the forum; if it is not, rather than changing the URL into oblivion, a) don't allow non-SSL site "preview" of any sort, and b) offer users "do you wish to open the insecure page in a separate window" dialog.
Thanks for the info. I don’t run your systems so I can’t comment on that level of detail with any precision, but with all due respect, the approach you’ve taken is wrong simply because it breaks the forum and it breaks the internet. Focus on security is a nobble cause, but not “at all cost” when it kills the baby in the bath. You need to go back to the drawing board, as “simple” as that.Talked with techs. We don't force the non-sll links to be HTTPS as a way of protecting you guys, but as a way to protect the site. With how our SSL works, even having the HTTP links on the site invalidates our own security certificate. Having that "are you sure?" message wouldn't be a sufficient block in the communication to get around that hurdle.