You cannot prevent a DDoS. It has become a service for hire, and anyone with enough money can pay to have it done by the hour, day, week etc.. All you can do is mitigate how it affects your services, which usually requires cooperation with your service provider and / or a third party company that is capable of filtering most of the unwanted traffic. At the same time you have to be careful to avoid filtering legitimate traffic. Blocking / redirecting packets by geolocation is easy, but filtering traffic of the areas that you serve is much more challenging.
It's frustrating, but if you want