mod_headers.xml: backport r1844401

    modified.</p>

    <p> The optional <var>condition</var> argument determines which internal

    table of responses headers this directive will operate against. Despite the

    name, the default value of <code>onsuccess</code> does <em>not</em> limit 

    an <var>action</var> to responses with a 2xx status code.  Headers set under

    this condition are still used when, for example, a request is <em>successfully</em>

    proxied or generated by CGI, even when they have generated a failing status code.</p>

    <p>When your action is a function of an existing header, you may need to specify

    a condition of <code>always</code>, depending on which internal table the

    original header was set in.  The table that corresponds to <code>always</code> is

    used for locally generated error responses as well as successful responses.  

    table of responses headers this directive will operate against:

    <code>onsuccess</code> (default, can be omitted) or <code>always</code>.

    The difference between the two lists is that the headers contained in the

    latter are added to the response even on error, and persisted across

    internal redirects (for example, ErrorDocument handlers).

    Note also that repeating this directive with both conditions makes sense in

    some scenarios because <code>always</code> is not a superset of

    <code>onsuccess</code> with respect to existing headers:</p>

       <li> You're adding a header to a locally generated non-success (non-2xx) response, such

            as a redirect, in which case only the table corresponding to

            <code>always</code> is used in the ultimate response.</li>

       <li> You're modifying or removing a header generated by a CGI script,

            in which case the CGI scripts are in the table corresponding to

       <li> You're modifying or removing a header generated by a CGI script

            or by <module>mod_proxy_fcgi</module>,

            in which case the CGI scripts' headers are in the table corresponding to

            <code>always</code> and not in the default table.</li>

       <li> You're modifying or removing a header generated by some piece of

            the server but that header is not being found by the default

            <code>onsuccess</code> condition.</li>

    </ul>

    <p>This difference between <code>onsuccess</code> and <code>always</code> is

    a feature that resulted as a consequence of how httpd internally stores

    headers for a HTTP response, since it does not offer any "normalized" single

    list of headers. The main problem that can arise if the following concept

    is not kept in mind while writing the configuration is that some HTTP responses

    might end up with the same header duplicated (confusing users or sometimes even

    HTTP clients). For example, suppose that you have a simple PHP proxy setup with

    <module>mod_proxy_fcgi</module> and your backend PHP scripts adds the

    <code>X-Foo: bar</code> header to each HTTP response. As described above,

    <module>mod_proxy_fcgi</module> uses the <code>always</code> table to store

    headers, so a configuration like the following ends up in the wrong result, namely

    having the header duplicated with both values:</p>

    <highlight language="config">

# X-Foo's value is set in the 'onsuccess' headers table

Header set X-Foo: baz

    </highlight>    

    <p>To circumvent this limitation, there are some known configuration

    patterns that can help, like the following:</p>

        <highlight language="config">

# 'onsuccess' can be omitted since it is the default

Header onsuccess unset X-Foo

Header always set X-Foo "baz"

        </highlight>

    <p>Separately from the <var>condition</var> parameter described above, you

    can limit an action based on HTTP status codes for e.g. proxied or CGI

    requests. See the example that uses %{REQUEST_STATUS} in the section above.</p>

    argument (second argument if a <var>condition</var> is specified).

    This can be one of the following values:</p>

    <note type="warning"><title>Warning</title>

        <p>Please read the difference between <code>always</code>

        and <code>onsuccess</code> headers list described above

        before start reading the actions list, since that important

        concept still applies. Each action, in fact, works as described

        but only on the target headers list.</p>

    </note>

    <dl>

    <dt><code>add</code></dt>

    <dd>The response header is added to the existing set of headers,