As Web Services become more and more popular, not only within closed intranets but also for inter-enterprise communications, security is becoming crucial for operating Web Services. One of the worse attacks over web services is distributed denial of service attack. DDoS attack is an attack in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, there by denying service to the system to legitimate users. The proposed paper introduces a robust mechanism to protect both web services and web servers from DDoS attack. This system is designed in such a way that it is difficult for an attacker to disable the service host also overload the server. This model uses both WSDL schema validation and server rate limit (SRL) mechanism to detect and protect services and servers from the attack.