What is Apache Synapse?

I am pretty sure that this is not Apache Synapse, it's some tools built with Ararat Synapse, which is a Delphi TCP/IP library. I downloaded the source code from both projects, and as far I can see, Apache Synapse has a configurable user-agent, and the default is:

On the other hand, Ararat Synapse has this default user agent:

It's just like the one you have in your logs, and I have exactly the same user agent probing with various SQL injection attacks. Probably the attackers are using some tools built in Delphi with the Ararat Synapse library.

Since the bad guys didn't change the default user-agent, I think it's safe to block this one:

Mozilla/4.0 (compatible; Synapse)

not partially because you can block some legitimate tools running on Apache Synapse, and I believe that any legitimate bot or project would define a user-agent and not hide with default.

There is no point blocking IPs because it seems that the attack is coming from various IP addresses around the world, probably some botnets.

Are all the IPs from a specific range? Is that range assigned to a specific company? If it is, just lookup who the range is assigned to and contact the Technical Contact listed.

The most likely thing I can think of is that they are scraping content from your webpage or programming something which will scrape content (which explains the weird boundary conditions as arguments).

It could be something a little less innocent, I don't know what data you are trying to protect (it could be worth something). They could be trying to expose an error page which can dump sensative debug info. If that is the case then I would suggest setting up a web app firewall. They are made to prevent this kind of sensitive error messages and other abuses from happening.

You could just try banning the IP ranges and see who complains... although that's your last resort.

Same person trying to inject -1 into the viewstate:

finder-query: -1'

It's probably an automated SQL injection tester tool.