Hello John,
The idea is that if your internal http server is availible for everyone, different scanners will identify this port as opened. Only thing that you can do, is to allow access to this server only for trusted sources using access-lists.
Thank you.