Denial of Service (DoS) attacks are one of the major threats to the security of networks and online servers. Active Queue Management (AQM) is an effective mechanism to prevent DoS attacks at edge routers. However, some DoS flows may have low bit rates, as they do not consume more than a fair share to avoid being detected by an AQM. AQM schemes also fall short of detecting DoS attacks conducted through IP spoofing. This paper proposes a novel AQM scheme, called Deterministic DoS Prevention (DDP) to avoid low-rate DoS attacks on infrastructure and application levels, attacks caused by unresponsive or responsive flows using IP spoofing, and the attacks having high bit rates. The performance of DDP is evaluated in comparison with an eminent AQM based DoS prevention scheme. Simulation results demonstrate the effectiveness of DDP in effectively detecting IP spoofing and filtering malicious flows that orchestrate high-rate and low-rate DoS attacks.