How to block/drop HTTP GET and POST attack?
Hello,
I am seeing this in the logs of my server, running WHM 11.46.0 (build 14) on CentOS 6.6, Apache+MySQL (5.5.40) (without ModSecurity right now). I have CSF enabled.
Enabled modules:
bwlimited + bw_ + cloudflare_ + ruid2_ + php5 + reqtimeout_ + pagespeed, with the usual requirements for WordPress.
120.174.97.2 - - [14/Nov/2014:02:22:48 +0100] "GET /?0Nge=XVlqFWYs2vciua HTTP/1.1" 200 14097 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_1_1) Gecko/20051207 Firefox/11.0"
120.174.97.3 - - [14/Nov/2014:02:22:48 +0100] "GET /?KP7Ue=00Oi202DUtt324&2g8=siID&ekrAyQuHHp=51IaLuKdvTkKVE HTTP/1.1" 200 14152 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 11_3_2) Gecko/20091405 Firefox/20.0"
120.174.97.4 - - [14/Nov/2014:02:22:48 +0100] "GET /?FH5VROBx=wCPRiMOw7FliIpv&8mo8o=mhfx231Y8Re HTTP/1.1" 200 14130 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) Gecko/20011708 Firefox/13.0"
120.174.97.5 - - [14/Nov/2014:02:22:48 +0100] "GET /?lk5k=vyB3vc0gcCnXnY&7pxqt0Mn=Oi7PBoT&j37W=cqKYEsoskSffwQ5&j6i8E=MjmYe HTTP/1.1" 200 14177 "http://www.yandex.com/2jvFA7mlMl?4nD=mUwl1&8AC=Fny2ol4bsQ&4sJPcw=bHdSQIMBwF8" "Mozilla/5.0 (Linux x86_64; X11) Gecko/20032806 Firefox/21.0"
120.174.97.6 - - [14/Nov/2014:02:22:48 +0100] "GET /?4nBbx=A3wo6QHgDhkxGHoCP&F661Cjrdq=5Gc5c4bAtOa2eHG8BYME HTTP/1.1" 200 14145 "http://www.bing.com/lDM2x7" "Mozilla/5.0 (Macintosh; Intel Mac OS X 11_7_4) Gecko/20063109 Firefox/17.0"
120.174.97.7 - - [14/Nov/2014:02:22:48 +0100] "GET /?jeluv=ikqsqFiE8UU8Wun1&b1eoi=PQXLo1RnjnHU2&xljC=VmnnL3gJTiwRW0q2FCAs&wWR8xOp=pTw&oIel=tutSwEfcN0G77 HTTP/1.1" 200 11499 "-" "Mozilla/5.0 (compatible; MSIE 6.1; Linux i386; Trident/4.0; X11)"
120.174.97.8 - - [14/Nov/2014:02:22:48 +0100] "GET /?PWA=sDsWlD66oTp888&bXaWu6XPM=mxeGP7FPUbKwqQ8&pk05aq=KBG2GaLpsJq5KeS8x HTTP/1.1" 200 11469 "http://www.bing.com/HXWt0Rw?3s7L6h=l0h8oOoxlHGf2y2i&RWl=fqmGoRjqejj&HV4Rgtupj=IiALPfNUueGhFFFElv&SSb=WBrqb2kkyuYIuuTlQ8&x23fK0O=VbaR&EtiQRLkcT=rrocq0436jBvWdI34K3&5wMF=pRe2DIQyIYdMKc2JY7W&Ij2vn=gtPHEn&3Uf=2FxeqL&Aa4j=RqGIaypXbbp" "Mozilla/5.0 (compatible; MSIE 6.1; Linux i386; .NET CLR 1.3.22475; X11)"
120.174.97.9 - - [14/Nov/2014:02:22:48 +0100] "GET /?NExOFIqNAG=CdRHqqccwLPj&LN1Qct=fc80yxrQ&1f333UOK7b=2FyHDBtRX&kPURRV0=7XPjXFOacKRohyWV1 HTTP/1.1" 200 14201 "-" "Mozilla/5.0 (Linux i386; X11) AppleWebKit/536.19 (KHTML, like Gecko) Version/5.1.0 Safari/536.29"
How do you block this attack? Though the above logs show GET requests only, I've also seen POST requests in the logs. All from different IP addresses, a few at a time. CSF is not picking up the attack due to the slow attack rate, but it is exhausting my server's resources quickly. I am happy to enable ModSecurity (though I would prefer not to due to resource shortage). I have ModBandwidth enabled but that can only limit connection rate.
Some CSF config settings that are related:
CONNLIMIT = 80;20
PORTFLOOD = 80;tcp;20;3
CT_LIMIT = 160
CT_INTERVAL = 20
Any idea how this can be achieved using CSF or ModSecurity or ModEvasive or ModBandWidth or StringMatch? Any help / suggestions are appreciated.
Regards,
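The log excerpt above shows requests to the same path from neighbouring addresses, each carrying query parameter names that never repeat. The following is an added example, not part of the original post, that flags that pattern in an Apache combined-format access log so the source networks can be reviewed for a firewall deny. The function names, thresholds and sample lines are assumptions made for illustration, and IPv4 sources are assumed.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import parse_qsl

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(GET|POST) (\S+) [^"]*" \d{3} ')

def parse(line):
    """Return (source /24, ip, path, set of query parameter names) or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, _method, target = m.groups()
    path, _, query = target.partition("?")
    names = frozenset(k for k, _ in parse_qsl(query, keep_blank_values=True))
    try:
        net = ipaddress.ip_network(f"{ip}/24", strict=False)  # IPv4 assumed
    except ValueError:  # client field is not an IP address
        return None
    return str(net), ip, path, names

def random_query_floods(lines, min_hits=5, min_sources=3, min_unique=0.9):
    """Flag (network, path) pairs where nearly every request uses a fresh set
    of parameter names and the requests are spread over several addresses."""
    groups = defaultdict(lambda: {"hits": 0, "ips": set(), "namesets": set()})
    for line in lines:
        rec = parse(line)
        if rec is None or not rec[3]:  # unparsable, or no query string
            continue
        net, ip, path, names = rec
        g = groups[(net, path)]
        g["hits"] += 1
        g["ips"].add(ip)
        g["namesets"].add(names)
    return {key: g["hits"] for key, g in groups.items()
            if g["hits"] >= min_hits and len(g["ips"]) >= min_sources
            and len(g["namesets"]) / g["hits"] >= min_unique}

# Constructed sample (documentation address ranges), not the poster's log.
FMT = '{} - - [14/Nov/2014:02:22:48 +0100] "GET {} HTTP/1.1" 200 14097 "-" "Mozilla/5.0"'
SAMPLE = [FMT.format(ip, target) for ip, target in [
    ("203.0.113.2", "/?aQ1=x9"), ("203.0.113.3", "/?Zk7=p2&m3=q"),
    ("203.0.113.4", "/?tR=77"), ("203.0.113.5", "/?Hh2=ab&c9=d"),
    ("203.0.113.6", "/?Lp=zz1"),
    ("198.51.100.10", "/?s=csf"), ("198.51.100.11", "/?s=backup"),
    ("198.51.100.12", "/?s=php"), ("198.51.100.13", "/?s=apache&paged=2"),
    ("198.51.100.10", "/?s=whm"), ("192.0.2.7", "/wp-login.php"),
]]

if __name__ == "__main__":
    for (net, path), hits in random_query_floods(SAMPLE).items():
        print(f"{net} {path}: {hits} requests, all with unique parameter names")
```

Ordinary search traffic (the constructed `?s=` requests) reuses its parameter names and is not flagged, which is what separates it from the randomised query strings.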