ASM staging in Transparent and Blocking - what is difference

At first I had impression that when given explicit file type has staging enabled learning means updating parameters (like URL Length or POST Data Length) based on request passing through ASM policy - but that seems not be a case as those parameters can be either set to Any or manually set to some value - so those are not dynamically "learned".

Your first impression is correct. ASM will make learning suggestions on the Manual Traffic Learning screen when a request exceeds POST data length for an allowed file type in the policy, provided that the "Illegal POST data length" violation is set to "Learn" on the Blocking Settings Violation List. You then have the ability to "Accept" the new maximum length that ASM suggests which will cause ASM to modify the POST data length setting for the file type.

 

Also, you are correct that there is no dynamic "learning" by default where ASM automatically changes the policy settings. In manual learning mode ASM makes suggestions only. However ASM does have the ability to learn and build a policy automatically by using the Real Traffic Policy Builder or PB for short. You can begin building a new policy with the PB or enable it at any time on an existing policy. It is located here: Security>Application Security>Policy Building>Settings

 

As I understand your explanation staging in this case allows admin to see if there are any request exceeding values set for mentioned parameters (as violations in log) and based on info from log entries decide to "learn" ASM (via Learn button or by hand in file type definition) those new values to avoid violation in the future when given file type will be enforced - Am I right here?

Correct.

 

So in fact "learning" is more related to admin not to the system

Correct, when you are using manual policy building.