Shibu_Narendran
Sep 26, 2014 Nimbostratus
As per the problem description, bash allows arbitrary code execution as mentioned below.
$ env var='() { ignore this;}; echo vulnerable' bash -c /bin/true
If one tries any combination other than "() {", it does not execute the code. In that case, why do we need a regex kind of check on combinations of "(" and ")" and "{" appearing in other combinations?
As mentioned here by others, it might block legitimate users with user-agent headers containing ( ) { scattered in succession.
What is the problem with the solution of a custom signature in the ASM – rejecting the “() {” pattern in header values?
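
The false-positive concern raised in this post can be measured directly. The following is an added example, not part of the original post and not an ASM signature: it runs the literal "() {" match beside an assumed loose pattern over constructed header values. The `LOOSE` regex, the function names and the sample headers are all assumptions made for illustration.

```python
import re

# Literal token the post proposes rejecting in header values.
STRICT = re.compile(r"\(\) \{")
# Assumed "loose" rule for comparison: "(", ")" and "{" in that order with
# anything in between. Hypothetical; not taken from the thread or a product.
LOOSE = re.compile(r"\(.*\).*\{")

# Constructed sample headers (not captured traffic).
SAMPLES = [
    ("User-Agent", "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/37.0"),
    ("User-Agent", "ExampleBot/1.0 (+http://bot.example/info) {build 42}"),
    ("User-Agent", "() { ignore this;}; echo vulnerable"),
    ("Cookie", 'prefs={"tz":"UTC"}; note=(none)'),
]


def classify(value):
    """Return which of the two rules would reject this header value."""
    return {
        "strict": bool(STRICT.search(value)),
        "loose": bool(LOOSE.search(value)),
    }


def compare(samples):
    """Evaluate both rules on every (header name, value) pair."""
    rows = []
    for name, value in samples:
        hits = classify(value)
        rows.append((name, value, hits["strict"], hits["loose"]))
    return rows


def loose_only(samples):
    """Values the loose rule rejects but the literal rule lets through."""
    return [value for _, value, strict, loose in compare(samples)
            if loose and not strict]


if __name__ == "__main__":
    for name, value, strict, loose in compare(SAMPLES):
        print(f"strict={strict!s:5} loose={loose!s:5} {name}: {value}")
    print("rejected only by the loose rule:", loose_only(SAMPLES))
```

Running the same comparison over a day of real request logs before enabling either rule shows how many legitimate clients each one would block.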