I use a couple of functions that based on "logic" are called from within the Page_Controller init method ...
public static function ForceSSL(){
if((Director::protocol() != "https://")) { // echo 'REDIRECTING'; die();
$destURL = str_replace('http:', 'https:', Director::absoluteURL($_SERVER['REQUEST_URI']));
header("Location: $destURL", true, 301);
die("<h1>Your browser is not accepting header redirects</h1><p>Please <a href=\"$destURL\">click here</a>");
}
}
public static function ForceNoneSSL(){
if(Director::protocol() != "http://") {
$destURL = str_replace('https:', 'http:', Director::absoluteURL($_SERVER['REQUEST_URI']));
header("Location: $destURL", true, 301);
die("<h1>Your browser is not accepting header redirects</h1><p>Please <a href=\"$destURL\">click here</a>");
}
}