Restrict access to SSL VPN by IP (ASA 5540 - 8.4(7))

[kythri]

I'd like to restrict access to the SSL Web VPN by IP.

TAC has told me to apply an ACL to the control-plane, but reading up on that, it looks like that would restrict access to any "to-the-box" traffic, including management, site-to-site VPN, etc.

I only want to restrict to the SSL Web VPN.

Is a control-plane ACL truly the way to do this, or is there a better way?

Thank you!