Is there any alternate solution if I want on the same line like '(clientlibs|css|gif|ico|js|png|swf|jpe?g|woff2?)' ?

Hi there, I'm trying to set up our dispatcher, but realize attacker able to bypass the default filter by appending ";%0aJLN.ico" such as some of the endpoints affected like "https://website.com/check.jsp;%0aJLN.ico" I realize this extension below allow the attacker to go through any extension listed...