Yes, there is a protection. Basically, you will have to add a firewall rule to detect such hosts (criteria: several tcp/port 80 connections from same host), and when you have one, add that source IP to an address-list.
/ip firewall filter add chain=input protocol=tcp dst-port=80 connection-limit=200,32 \ action=add-src-to-address-list address-list=blocked-addr address-list-timeout=1d Then, block incoming connections from that address-list.
/ip firewall filter add chain=input src-address-list=blocked-addr action=drop You have to tune the limit (here, 200). And also the chain (input if the Web server is the mikrotik device, forward if it's another web server)
This is adapted from the wiki: http://wiki.mikrotik.com/wiki/DoS_attack_protection