According to Dynamic IP Security document in Microsoft :
AbortRequest : Specifies that by default IIS should send a deny mode response of Abort back to clients. The numeric value is 0.
Forbidden : Specifies that by default IIS should send a deny mode response of Forbidden back to clients. The numeric value is 403.
The description seems similar. Is it just about numeric value ?
As that article says, aborting simply drops the connection without bothering to complete the request or give any reason for the cancellation.
Sending a Forbidden response means it will complete the request and send a HTTP status code, but it denies the user access to the originally requested resource. Some relevant response data may still be returned to the caller (even if it's just a string saying "Forbidden").