Atomic Secure Linux

All times are UTC - 5 hours [ DST ]




 Post subject: Virtual Appliance
Posted: Tue Mar 06, 2012 5:30 pm
Forum User
The ASL product is definitely worth paying attention to, but it is oriented toward small companies requiring just a few servers.
Current downsides of ASL are:
- running on the server, consuming its resources
- not really oriented toward load-balanced solutions
- not suitable for hosting companies managing a large number of customer VMs

What you really need to do is to work on making ASL a gateway appliance (similar to Netscaler VPX Application Firewall and many others), where:
- the traffic from the Internet to VMs flows through the appliance
- the traffic (e.g. HTTP and HTTPS) is monitored for signatures
- the appliance has control over HTTP packets and is able to implement signature matching, DoS protection and the rest
- the rest is the usual ASL with its reporting and feature management

This could grow into a big project.


 Post subject: Re: Virtual Appliance
Posted: Wed Mar 07, 2012 9:51 am
Atomicorp Staff - Site Admin
This is a great thread :P

So yes, we do have an appliance in the works targeted more for business/enterprisey type use. ASL is also like a SIEM, which leads to the next thing:

ASL can be a SIEM now; we call that particular project ASLe (enterprise). While centralized management isn't in place yet, every ASL install out there can act as a client talking to other ASL servers, or as a central server doing event & basic rule management, centralized whitelisting, and shared active response (an attack on one is blocked on all). It can also do agentless monitoring of other devices (routers, for example), and even do basic HIDS monitoring on Windows systems.

I don't know what we'll call the appliance version... ASL in a Box maybe? Maybe we'll do a naming contest with a prize of a skein of yarn made from the fur of Toki the Support Samoyed (he'll be blowing his coat soon!).

Performance: a lot of things affect that. We've been running benchmarks on what effects different design changes actually have on httpd:
viewtopic.php?f=1&t=5576


 Post subject: Re: Virtual Appliance
Posted: Sun Mar 25, 2012 6:17 pm
Forum User
Yes, it is more of an enterprise / datacenter idea, but this is where you will be heading anyway. Compared with a unified console where you control all ASL installs, having an appliance will be an advantage for customers with 5+ ASL installs (even managed through a single console) and will provide much higher security due to its design (the only point of accessing a port on a VM will be the ASL appliance, controlling any traffic flows to/from the VM). Look at the Citrix Netscaler VPX appliance (Juniper has its own variant of the same thing, available for VMware only); it is great, except that its Application Firewall is rooted.


 Post subject: Re: Virtual Appliance
Posted: Tue May 15, 2012 9:08 pm
Forum User
I believe the T-WAF is the first step towards an appliance-based ASL. This would be a great feature.


 Post subject: Re: Virtual Appliance
Posted: Wed May 16, 2012 1:32 pm
Atomicorp Staff - Site Admin
Yup, the core functionality for it is in the T-WAF now.

