这也许是更好的在应用层面做到这一点，那就是，发送登录链接作为HTTPS直接链接。

通过重定向从HTTP到HTTPS的问题是，客户端首先使通过纯HTTP请求。在情况下它一定会到HTTPS初始页面，它不一定是一个问题，但如果您发送真实透明地重定向到HTTPS页面的HTTP请求的凭据，他们会一直反正泄露。

I'm trying to get a login page to redirect to https and all other pages revert to standard http. When I have /login as the address, it shows up as /index.php?page=login and isn't displayed on a secure page.

The htaccess code in question is below :

RewriteCond %{SERVER_PORT} 80 
RewriteCond %{REQUEST_URI} ^/login$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L]

RewriteCond %{REQUEST_URI} !^/login$
RewriteCond %{SERVER_PORT} 443 
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L]

RewriteRule ^([a-zA-Z0-9_\-\(\)]+)[/]?$ /index.php?page=$1

It's probably better to do this at the application level, that is, send the "login" link as an HTTPS link directly.

The problem with redirects from HTTP to HTTPS is that the client first makes the request over plain HTTP. In the case where it's only going to the HTTPS initial page, it's not necessarily a problem, but if you send the credentials in an HTTP request that's transparently redirected to an HTTPS page, they'll have been leaked anyway.