tunnelling HTTP request through DMZ from a secured area

tunnelling HTTP request through DMZ from a secured area

In my topology I have a secured area where all the servers are. There is also a DMZ with a few reverse proxy servers. I now need to make one of the servers in the secure area open to make HTTP calls to the Internet (to a specific IP address).

I can think of two possible implementations:

1. tunnel at the router level
2. set up a forward proxy in the DMZ

Which way would be preferred?