Mod Security Warnings in Apache Error Logs

I’m seeing these types of warnings in my server’s error logs:

I’m not a technical person. So a few questions:

  1. Are these attempted attacks?
  2. Have this gotten past Cloudflare, which is why they appear in my server’s error logs?
  3. If these are attacks, can they be blocked at the Cloudflare level before they hit my server?
  4. If they can, what rules should I create or what settings should I turn on?