Web application firewalls (WAF) have been proven to be a useful tool in a much needed security for internet applications. Automation of ruleset development for WAF may reduce human errors and establish required baseline for web security. This research paper shows that mechanical implementation of highest paranoia levels on WAF may severely affect the productivity of the system and calls for the need for human intervention to critically review the proposed ruleset and find the optimal paranoia level that suits specific web application.