Nginx

How to see requests blocked by Nginx, IP list?

Good afternoon!
For several days now, the server has received 100-300 GB of daily incoming requests, which I can’t see from where and where they go.
Server on Hetzner, only ports 80 and 443 are outside (hardware firewall). Most of the requests are handled by Nginx.

It turns out this order of firewalls:
1. Cloudflare (some countries are blocked)
2. Hetzner Hardware - - only 80, 443 out
3. Server Software Firewall - only 80, 443 out
4. Nginx which blocks everything suspicious.
1. I look online through Logtop / analyze site logs - I don’t see anything abnormal, any requests or connections of a large number from certain IP addresses.
Online mode :

tail -f /var/log/apache2/domains/*.log | cut -d ' ' -f 1 | logtop -c 100000

Site logs - displaying the top IP addresses from which there were requests from all site logs, followed by DNS and ASN entry in case of a ban:

awk '{print $1}' /var/log/apache2/domains/*.log | grep -Ev ':|66.249' | sort | uniq -c | sort -nr | head  -n 50

2. Through Netstat, I see only Cloudflare IP addresses. all sites work only through it, and I can only see the client's real IP when it gets into the site log
. parsing https://github.com/mitchellkrogza/nginx-ultimate-b... , over 100 ASN subnets have been listed, including all Hetzner/OVH subnets and others.
4. I regularly ban everyone who made POST requests, but this is a drop in the ocean.
Questions
1. Where else to look?
2. How to see the requests that are blocked by Nginx and their IP? It is possible to ban requests on Cloudflare / Hetzner Firewall (only a few rules left) without letting them go to my server, but for this you need to see them.
3. In general, is the situation possible that I assume that nginx bans these requests, but nevertheless the incoming bandwich goes? I understand this is DDOS?
Thank you for your help, it is desirable to have contacts in the profile.