To address point #1: On Cloudflare’s dashboard, clicking the Pause button will turn off Cloudflare completely, except for the DNS feature. More specifically, it causes all DNS queries to return the direct/real IP instead of Cloudflare’s proxy address.
As for the rest, blocking huge chunks of Cloudflare’s network is not productive if you are using anything other than Cloudflare’s DNS, literally all you will do is block visitors to your site. The requests are likely not originating with Cloudflare, but instead are being proxied from somewhere else by Cloudflare (which is literally what Cloudflare does).
Investigate what is the correct way to put your web server behind a reverse proxy, a lot of web servers or underlying products have the ability to rely on proxy headers, but they won’t do so unless specifically enabled.