For some time now I've been working on a portable web firewall rule format as part of the OASIS WAS technical committee. It's been going on for much longer than I anticipated, mainly because there is so much *other* work to do. But that's not necessarily a bad thing. That other stuff I did actually helped me design a better format. You see, my first attempts were overly ambitious and too complicated. They may have been technically more able but it is usually more important for a standard to be simple than foolproof. Just look at HTTP.
Anyway, I've decided to upload the latest version online and seek comments. There are many people/companies involved with web application firewalls so getting a format that really works for all of us is something that interest me a lot. If you are interested first have a look at the informal definition, then the schema, and then at one complete example.