sftp and scp are ssh under the covers, so how do you get a tunnel? Oh, I see, the tunnel is on the proxy. It is a bit tragic to ssh inside ssh, double encryption load. Well, you could tunnel to a web or rcp port, but I suppose the other end might require ssh on that net. So, you want to sftp or scp through a tunnel. I suppose it should work, but the connection is coming from a different host than the certificate supports, so I see lots of problems. ssh is going to smell a rat and balk!
Now, you could ssh from client host to proxy, both a) setting up a tunnel from client host port y to proxy port x and b) ssh on proxy to set up a tunnel from proxy port x to target server web port, so you can hit
http://client_host:y/file_name with wget. The two tunnels would be end to end, and http uses one port/connection and no host verifiation, and you can easily control the port.