I post a part of the logs here, maybe this could be of help:
Logging out, successfully redirected to the login page (this is configured by the login snippet):
78.34.189.166 - - [26/Nov/2011:15:36:27 +0100] "GET /ergebnisse/?service=logout HTTP/1.1" 302 37 "https://coaching-evaluationen.de/ergebnisse/skalen.html" "Mozilla/5.0 (X11; Linux i686; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 Iceweasel/7.0.1"
78.34.189.166 - - [26/Nov/2011:15:36:37 +0100] "GET /ergebnisse/?service=logout HTTP/1.1" 302 37 "-" "Mozilla/5.0 (X11; Linux i686; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 Iceweasel/7.0.1"
78.34.189.166 - - [26/Nov/2011:15:36:40 +0100] "GET /ergebnisse/ HTTP/1.1" 200 3787 "-" "Mozilla/5.0 (X11; Linux i686; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 Iceweasel/7.0.1"
Now that we are logged out, try to access the protected page again:
78.34.189.166 - - [26/Nov/2011:15:37:06 +0100] "GET /ergebnisse/skalen.html HTTP/1.1" 302 37 "-" "Mozilla/5.0 (X11; Linux i686; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 Iceweasel/7.0.1"
78.34.189.166 - - [26/Nov/2011:15:37:11 +0100] "GET /ergebnisse/skalen.html HTTP/1.1" 404 3642 "-" "Mozilla/5.0 (X11; Linux i686; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 Iceweasel/7.0.1"
You see, it first tries the redirect (302), then tells the same page does not exist - that's kind of strange to me, IMO it redirects to itself (maybe because of revossl redirecting to the ssl version of the same page?). Though I pasted the https://... URL into my browser.
About your second clue: I have an issue with files in the MODX root - I can't access them, I had to put favicon and other files to /assets/images
But I don't know how to resolve this - the files are readable to others, but don't belong to www-data - as well as the MODX root - do you know whether this is ok?
Cheers
Frisco