<If this is the case then the traffic coming from Internet to public DMZ, IPS policy match would be like source any, destination is public IP of servers?>
Here's an example that might help. This applies to JunOS 11.2r4,11.4r1 on the SRX Branch and just shows the zones/address match conditions within the IPS policy
The IPS and IPS Exempt rulebases both work the same way.
Your Destination Zone is DMZ
Your Servers private IP in the DMZ is 10.10.10.10
Your Servers public IP as advertised on the Internet is 123.123.123.10.
IPS rule on incoming traffic from Internet to the Server in DMZ
source zone (untrust), source address (any), destination zone (post-nat dest zone), destination address (pre-nat destination ip)
source zone (untrust), source address (any), destination zone (DMZ), destination address (123.123.123.10)
IPS rule on outgoing traffic from the Server in DMZ to Internet
source zone (pre-nat source zone), source address (pre-nat source-ip), destination zone (untrust), destination address (any).
source zone (DMZ), source address (10.10.10.10), destination zone (untrust), destination address (any).