You won't be able protect your site from ddos via PHP, only your host can protect it.
Even if you limit 100 guests, to process them, the server will need enough resources to detect that they indeed are guests - it's pointless doing so via PHP.
The only solution is to configure the web server to return 502 error (Service Temporarily Overloaded), and it will affect every visitor, not only guests. But then again, server's administrators are only who can help you with that.