My goal is that my colleages in our company can make https request via proxy server(Squid) outside of the company network to final destination API server.
My colleages can make requests from company network as well as from their own PC at home because they sometimes work from home.
Backgroud:
The final destination API server requires me to register whitlist of inboud accessing IP address. It can be added multiple IP addresses as whitelist, but I don't want to add all the possible IP address that can make API request. So, I was going to setup proxy server which forword requests from each IP address to API server so that I can get one single fixed IP address to be whitelisted in the setteing of API server.
However, I realized that I need to add IP address as whitelist for the proxy server instead. I need to whitelist IP address with subnet mask from which requests are made from company network, and IP address of each colleage's home PCs. It seems ending up with the same effort to add whitelist.
What is the best practice for achiving my goal in good security?
