Is it possible to protect an old, unpached apache server?
 

I badly need a place where I could make just one single jpeg freely downloadable to the internet.

Presently we have no http servers aaccessible from the internet, but one that is only accessible from within our LAN. It is an unpatched, 4-years old apache installation on a FreeBSD 4.4 machine. There is no GUI on that machine, and it is in a non-unix network environment.

I wonder if I could put the jpeg on that http server and make it accessible to the internet?

(I have got no maintenance time for four years, so patching/upgrading the server is out of question, though our whole intranet relies on that FreeBSD machine)

I wonder if it is possible to start a new (virtual) http server on that machine that should have no access to any files on that machine except for that jpeg. It should listen on a non-http port, and that port could be forwarded to a non-http port of our firewall.

Hiding the server behind e.g. stunnel is, however, not possible, as the jpeg should be accessible without authentication.

How to start a virtual http server that only has access to one single file (though there is an other http server on the same machine that should have access and serve documents for the intranet), it does not serve e.g. php pages (though php pages should be accessible from within the LAN), it should listen on a different port.
I wonder if it would be too risky to put an unpatched apache on the internet even if those conditions can be fulfilled?

Re: Is it possible to protect an old, unpached apache server?
 

How can you have no time to do maintenance on a server in 4 years?? Sounds like it can't be that critical of a server if patching isn't important...

At any rate, you should just make time to upgrade Apache. You can compile Apache2 from source in <15 minutes.