I simply followed the instructions here http://www.sitefinity.com/developer-network/knowledge-base/securing-a-sitefinity-backend-with-ssl, including making the whole backend require SSL per page and changing the workflow base url.
Without having the cookieHandler requireSsl="true", everything works great, all seems to be going over SSL, it automatically goes to SSL for login etc. But if you follow http://www.sitefinity.com/documentation/documentationarticles/secure-cookies (specificially the cookieHandler requireSsl="true" part), it gets stuck in a redirect loop (looking at the network traffic) when you just try to go and edit a page (click pages on backend, click on page). All frontend pages are set without "Require SSL", and in the sitefinity settings I don't "force" redirect to http if not set.
I've tried the rewrite rule, but that does the same thing or worse (redirect loop on frontend as well). Seems the "Require SSL" that's not ticked on frontend pages conflicts with the cookie going over SSL.
I'd like to note :
Going to for instance /home/Action while on the ssl backend (pages) sends the cookies over ssl. But this then does a permanent redirect to /home/Action over http, so the cookies are definitely sent over http.
Ok. So the issue is that if you want to run frontend over http but backend over https, there will be a conflict because even in edit mode, there's a forced redirect to http ("Require SSL" is not ticked). Seems you can't easily - without replacing the frontend route - have the frontend run over http but the page edits run over https.
I'll go with one of the other ways to get the whole site running under https (without requiring content editors setting the "Require SSL" manually).