The example below will whitelist requests only if they are using the HTTP "GET" method, do not have a Query String, and the file extension appears in the $fileTypes array

#=-AFM Bypass Rule. This needs to be run as a request rule prior to the AFM Enforcer rule
# Only Bypass GET Requests
if ( http.getMethod() != "GET" )
   break;

# Only byPass requests with no Query String
if ( http.getQueryString() )
   break;

# Array of file extensions to bypass
$fileTypes = [ "css", "js", "png", "gif", "jpg" ];

# Pull out extension from path
$extension = array.pop( string.split( http.getPath(), ".") );

# If the extension exists in our array, then set the whitelist flag
if ( array.contains($fileTypes, $extension) ) {
   connection.data.set("enforcer.whitelist", 1);
}