A distributed attack initiated by a malicious party whose final purpose is to disrupt the services offered by a system to legitimate users is called DDoS. In recent years, many such attacks have been reported, some of them being able to cause major loses for companies or government institutions. In this paper, we analyze the impact of HOIP and Slowloris based DDoS attacks on both Windows and Linux web servers. Moreover, we evaluate several software protection mechanisms including IIS and Dynamic IP Restrictions for Windows server and mod-evasive, mod-qos, IPTables, Fail2Ban for Linux Server.